Splunk HTTP Event Collector Raw Event
Hey,
I'm trying to stream Windows Event Log events to Splunk. I found out that the built-in Splunk destination on StreamSets does not support sending JSON events without the event field in them.
Splunk supports two ways of receiving data over HEC: JSON with an event field, and the raw option, which just receives the raw data.
Is there any option on StreamSets to send the event as a raw event? If not, is there a simple way to generate a new JSON object with an event field and put the record in it?
Thanks
How is your Windows Event Log data currently showing up in the pipeline?
I have an Edge collector which is set to send logs to an HTTP Client destination, and the destination sends the events, as JSON, to a central Data Collector, which sends all the events (multiple Edge DCs) to the Splunk destination.
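The two HEC request shapes the question contrasts, as an added Python example that is not from any participant in this thread and is not StreamSets code. The sample records, host names, token and channel value are constructed placeholders; the endpoint paths and the `Authorization: Splunk <token>` header are Splunk's documented HEC interface.

```python
import json
from urllib.parse import urlencode

# Constructed sample records, shaped loosely like Windows Event Log entries.
RECORDS = [
    {"EventID": 4624, "Computer": "ws01.example.test", "TimeCreated": 1700000000.0,
     "Channel": "Security", "Message": "An account was successfully logged on."},
    {"EventID": 4625, "Computer": "ws02.example.test", "TimeCreated": 1700000005.5,
     "Channel": "Security", "Message": "An account failed to log on."},
]

def hec_event_body(records, sourcetype="WinEventLog"):
    """Body for /services/collector/event: each record wrapped under "event".

    Metadata (host, time, sourcetype) sits beside "event". A batch is the
    envelopes written one after another, not a JSON array.
    """
    envelopes = []
    for rec in records:
        env = {"event": rec, "sourcetype": sourcetype}
        if "Computer" in rec:
            env["host"] = rec["Computer"]
        if "TimeCreated" in rec:
            env["time"] = rec["TimeCreated"]  # epoch seconds
        envelopes.append(json.dumps(env, separators=(",", ":")))
    return "\n".join(envelopes).encode("utf-8")

def hec_raw_request(records, base_url, token, channel, sourcetype="WinEventLog"):
    """Build (url, headers, body) for /services/collector/raw: no envelope.

    Metadata moves to the query string, and Splunk breaks the body into events
    using the sourcetype's line-breaking rules, so one record is sent per line.
    The channel GUID is required when indexer acknowledgment is enabled.
    """
    query = urlencode({"sourcetype": sourcetype, "channel": channel})
    url = f"{base_url}/services/collector/raw?{query}"
    headers = {"Authorization": f"Splunk {token}"}
    body = "\n".join(json.dumps(r, separators=(",", ":")) for r in records)
    return url, headers, body.encode("utf-8")

def split_concatenated(body):
    """Decode a batch of back-to-back JSON objects, as a receiver would."""
    dec, text, pos, out = json.JSONDecoder(), body.decode("utf-8"), 0, []
    while pos < len(text):
        obj, pos = dec.raw_decode(text, pos)
        out.append(obj)
        while pos < len(text) and text[pos].isspace():
            pos += 1
    return out
```

The same wrapping step (`{"event": record}`) is what a scripting processor in the pipeline would have to perform before the Splunk destination; how that is wired up in StreamSets is not covered here.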