Splunk
This forwarder is used to send a log record to Splunk.
Data Model
Notes:
- The token is NOT encrypted in the database.
- These fields are "dynamic"; consult this page for more information.
Behavior
POST <ENDPOINT>
Authorization: Splunk <TOKEN>
Content-Type: application/json

{
  "event": {
    "...": "..."
  },
  "sourcetype": "json",
  "source": "<log.source>",
  "host": "<log.host>",
  "time": "<timestamp>"
}
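The request above, built in Python as an added example (not the forwarder's own code). It assumes a log record shaped as `{"timestamp", "fields"}`, that `source` and `host` are read from fields of those names, and that the timestamp is sent as epoch seconds; the endpoint, token and record are constructed sample values. Because the token travels in the `Authorization` header, the builder refuses non-HTTPS endpoints unless explicitly allowed.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def build_hec_request(endpoint, token, record, allow_plain_http=False):
    """Build the POST described above for one log record.

    `record` is an assumed shape: {"timestamp": <epoch seconds>, "fields": {...}}.
    """
    scheme = urlsplit(endpoint).scheme
    if scheme != "https" and not (allow_plain_http and scheme == "http"):
        # The token is sent in the Authorization header on every request.
        raise ValueError("endpoint must use https")
    if not token or any(c in token for c in "\r\n "):
        raise ValueError("token is empty or contains whitespace")

    fields = record["fields"]
    body = {
        "event": dict(fields),               # the whole record goes under "event"
        "sourcetype": "json",
        "source": fields.get("source", ""),  # assumption: <log.source>
        "host": fields.get("host", ""),      # assumption: <log.host>
        "time": str(record["timestamp"]),    # assumption: epoch seconds
    }
    return urllib.request.Request(
        endpoint,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Splunk {token}",
            "Content-Type": "application/json",
        },
    )


# Constructed sample values, not taken from a real deployment.
SAMPLE_RECORD = {
    "timestamp": 1700000000,
    "fields": {"source": "nginx", "host": "web-01", "message": "GET / 200"},
}
SAMPLE_ENDPOINT = "https://splunk.example.invalid:8088/services/collector/event"
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"

if __name__ == "__main__":
    req = build_hec_request(SAMPLE_ENDPOINT, SAMPLE_TOKEN, SAMPLE_RECORD)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```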