After moving from fluentd to otel I've added to my splunk-otel-collector chart's values.yaml file this block as shown below:
```yaml
extraOperators:
  - parse_from: attributes["log"]
    parse_to: body
    type: json_parser
  - layout: ms
    layout_type: epoch
    parse_from: body.time
    type: time_parser
```
As you can see, I've configured the chart to parse log entries and ensure correct timestamps, but I'm consistently receiving the following error message from the Splunk pod:
```
2024-05-01T14:55:49.795Z error helper/transformer.go:101 Failed to process entry {"kind": "receiver", "name": "filelog", "data_type": "logs", "operator_id": "time_parser", "operator_type": "time_parser", "error": {"description": "log entry does not have the expected parse_from field", "suggestion": "ensure that all entries forwarded to this parser contain the parse_from field", "details": {"parse_from": "body.time"}}, "action": "send"}
```
It's important to note that the extraOperators I added are working perfectly, and the time in Splunk Cloud has been correct ever since I implemented them.
Has anyone encountered a similar issue with the Splunk pod in the splunk-otel-collector chart? Any suggestions or insights on how to resolve this would be greatly appreciated.
Thank you in advance for your help!
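An added diagnostic, not part of the original post and not the collector's own code: a simplified Python model of the `json_parser` and `time_parser` steps above that sorts raw `log` strings by whether `body.time` exists and is usable as epoch milliseconds. The sample lines, the status names and the functions `classify` and `summarize` are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample values of attributes["log"]; not taken from the original post.
SAMPLE_LOGS = [
    '{"time": 1714575349795, "level": "info", "msg": "request served"}',
    '{"level": "warn", "msg": "entry without a time key"}',
    'plain text line that is not JSON',
    '{"time": "2024-05-01T14:55:49Z", "msg": "time is not epoch ms"}',
]

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def classify(raw):
    """Return (status, timestamp) for one raw log string.

    Simplified model (assumption): JSON-decode the string into the body,
    then read body["time"] as epoch milliseconds.
    """
    try:
        body = json.loads(raw)
    except json.JSONDecodeError:
        return ("not_json", None)        # body never becomes a map
    if not isinstance(body, dict):
        return ("not_json", None)        # valid JSON, but not an object
    if "time" not in body:
        return ("missing_time", None)    # the case named in the error message
    value = body["time"]
    try:
        if isinstance(value, bool):
            raise ValueError("boolean is not a timestamp")
        millis = float(value)
    except (TypeError, ValueError):
        return ("bad_time", None)        # field present but not epoch ms
    return ("ok", EPOCH + timedelta(milliseconds=millis))


def summarize(lines):
    """Count how many lines fall into each status."""
    counts = {}
    for raw in lines:
        status, _ = classify(raw)
        counts[status] = counts.get(status, 0) + 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(classify(line), line)
    print(summarize(SAMPLE_LOGS))
```

Running it over a sample of the raw container log lines shows which sources emit entries without a `time` key, even while other entries get correct timestamps.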