Microsoft Teams
A Microsoft customizable chat-based workspace.
9,627 questions
ECS Splunk logs truncated with splunk-format raw
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 99%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAW%3C/text%3E%3C/svg%3E)
Atonal Wilson
0
Reputation points
I'm having an AWS ECS Cluster and have configured it with Splunk logging and Splunk-format: raw in task definition like below:
{
"logConfiguration": {
"logDriver": "splunk",
"secretOptions": [
{
"valueFrom": "myarn",
"name": "splunk-token"
}
],
"options": {
"splunk-url": "my-splunk-url",
"splunk-source": "my-splunk-source",
"splunk-format": "raw"
}
}
}
All my dashboards in Splunk are expecting this format. The message is getting truncated at 4kb. Changing the format to inline does not truncate the messages but using this new format would require a lot of rework in the Splunk Dashboards.
Is there a way to get this to work with Splunk format: raw without having the message getting truncated?
Microsoft Teams