Hey Guys,
I have a node js application and I used Winston to print out the log for our application. Ex(logger.info({responseStatus:200}). I am not using a log file and just simply printing out the log. I am not quite sure what's causing the issue here. The log event is working fine in other environments and displaying in the separate event log, so I can keep track of the event field name. But in the production environment, my logs are mixed with console.log and treated as one event instead. It looks something like this right here. (Just an example, but looks similar).
I am new to Splunk Enterprise, and I am not quite sure where my configuration file is located. It's ok if there's no solution, but I would like to hear some advice from the expert from Splunk, on what may be causing this happening.
Hello @Sambaing how to index these logs? Maybe your "source" field is not correctly defined.