Are you sure? It didn't work.
I appended the key value pairs in the REST API endpoint URL. I appended the source and sourcetype and they appear during the search, but not the additional fields that I created.
If you format the content of your log message using key=value pairs, then Splunk will automatically extract these at search time. This log message gets sent in the body of the REST HTTP Request.
The URL argument key=value pairs are for defining Splunk metadata fields (index, source, sourcetype, host, host_regex).
The Splunk Java Logging Framework provides a useful interface to make it easier to create best practice log messages and integrate with your preferred logging framework, i.e. there are log4j and logback appenders that will seamlessly handle logging to the SPLUNK RestEndpoint. Download it and look at the examples.
You could format it any way you want. Splunk only extracts keys and values automatically if they follow the key=value standard, but if you format it differently it's just a matter of creating field extractions for your specific log format instead.
I have been looking through logback and I would like to ask about the log messages formatted with key=value pairs: they are sent to the Splunk endpoint by socket appenders. Is that right?
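The split the answers above describe (metadata fields in the URL, event fields as key=value pairs in the request body), as an added example that is not code from the thread or from the Splunk Java Logging Framework. The host name, the `receivers/simple` path, the sample field values and the `extract_pairs` helper (a rough stand-in for search-time extraction, not Splunk's own logic) are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode

# Metadata fields the answer lists as valid URL arguments.
METADATA_KEYS = {"index", "source", "sourcetype", "host", "host_regex"}

def format_event(fields):
    """Render event fields as key="value" pairs for the request body."""
    parts = []
    for key, value in fields.items():
        if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", key):
            raise ValueError(f"unsafe field name: {key!r}")
        # Escape quotes and CR/LF so a value stays inside its own quotes
        # and the event stays on one line.
        text = str(value).replace("\\", "\\\\").replace('"', '\\"')
        text = text.replace("\r", "\\r").replace("\n", "\\n")
        parts.append(f'{key}="{text}"')
    return " ".join(parts)

def build_request(base_url, metadata, fields):
    """Return (url, body): metadata in the query string, fields in the body."""
    unknown = set(metadata) - METADATA_KEYS
    if unknown:
        raise ValueError(f"not metadata, send in the body: {sorted(unknown)}")
    return f"{base_url}?{urlencode(metadata)}", format_event(fields)

PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def extract_pairs(body):
    """Rough stand-in for search-time key=value extraction (assumption)."""
    return dict(PAIR.findall(body))

# Constructed sample input: assumed endpoint URL and made-up field values.
SAMPLE_URL = "https://splunk.example.com:8089/services/receivers/simple"
SAMPLE_META = {"source": "payments-api", "sourcetype": "app_kv"}
SAMPLE_FIELDS = {"action": "login", "user": 'eve" admin="true', "status": "failed"}

if __name__ == "__main__":
    url, body = build_request(SAMPLE_URL, SAMPLE_META, SAMPLE_FIELDS)
    print(url)
    print(body)
    print(extract_pairs(body))
```

Passing a custom field such as `user` in the metadata argument raises `ValueError`, which mirrors the original problem: custom fields appended to the URL are not event fields.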