Added required epoc time field for Splunk HEC Event Receiver (#14246)

Signed-off-by: Iain <[email protected]>

awx/main/utils/formatters.py

@@ -283,6 +283,7 @@ def format(self, record):
             message.update(self.get_debug_fields(record))
 
         if settings.LOG_AGGREGATOR_TYPE == 'splunk':
-            # splunk messages must have a top level "event" key
-            message = {'event': message}
+            # splunk messages must have a top level "event" key when using the /services/collector/event receiver.
+            # The event receiver wont scan an event for a timestamp field therefore a time field must also be supplied containing epoch timestamp
+            message = {'time': record.created, 'event': message}
         return self.serialize(message)