Revolyssup opened a new issue, #9458: URL: https://github.com/apache/apisix/issues/9458
### Current Behavior splunk-hec-logging returns an error from logging server while trying to POST the event. The error log is given below. It looks like the splunk server expects a json and not an array. [Here](https://github.com/apache/apisix/blob/e0a4cd7a48d09e2108127848e27bdad6e7c14f22/apisix/plugins/splunk-hec-logging.lua#L133) switching from core.json.encode(entries)to core.json.encode(entries[1])fixes the issue and produces the log given below ``` {"@timestamp":"2023-05-11T01:57:51+05:30","client_ip":"127.0.0.1","host":"revolyssup","route_id":"1","source_type":"splunk_hec","spl unk_source":"apache-apisix-splunk-hec-logging","splunk_sourcetype":"_json","timestamp":"2023-05-10T20:27:51.805000066Z"} ``` ### Expected Behavior The logs should be POST'ed correctly by APISIX on logging server. ### Error Logs ``` Batch Processor[splunk-hec-logging] failed to process entries: failed to send splunk, Event field is required, context: ngx.timer, client: 127.0.0.1, server: 0.0.0.0:9080 ``` ### Steps to Reproduce Run APISIX locally. Follow the doc for configuring the logger - https://apisix.apache.org/docs/apisix/plugins/splunk-hec-logging/ Use the below vector configuration ``` [sources.log-from-splunk] type = "splunk_hec" address = "0.0.0.0:3000" valid_tokens = [ "BD274822-96AA-4DA6-90EC-18940FB2414C" ] ``` ### Environment - APISIX version 3.3.0 - Operating system Linux 6.3.1-arch2-1 - OpenResty / Nginx version nginx version: openresty/1.21.4.1 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
