selfxp opened a new issue #4518: Splunk api call return empty log messages
URL: https://github.com/apache/incubator-openwhisk/issues/4518

There is currently an issue with the API requests made to Splunk, that will return empty fields for large log messages (`>10KB`). See related issue #4347.

Currently invoking:

```
wsk activation logs $activation_id
```

on Splunk log messages larger than 10KB, will result in this output:

```
The log message can't be retrieved, key not found: log_message
```

After contacting Splunk support, we discovered that the field with a large content has to be extracted using `spath`. This means that the current API call should be changed from:

```
curl -u username:password -k https://splunkhost:port/services/search/jobs \
  -d exec_mode=oneshot \
  -d output_mode=json \
  -d "search=search index=\"someindex\" | spath=activation_id | search activation_id=a930e5ae4ad4455c8f2505d665aad282 | table log_message" \
  -d "earliest_time=2017-08-29T12:00:00" \
  -d "latest_time=2017-10-29T12:00:00"
```

to

```
curl -u username:password -k https://splunkhost:port/services/search/jobs \
  -d exec_mode=oneshot \
  -d output_mode=json \
  -d "search=search index=\"someindex\" | spath=log_message | search activation_id=a930e5ae4ad4455c8f2505d665aad282 | table log_message" \
  -d "earliest_time=2017-08-29T12:00:00" \
  -d "latest_time=2017-10-29T12:00:00"
```
