Actually I need all the event changes from Splunk forwarders(Universal and Heavy both) into a third party system, so I am using a java socket connection to get all the event changes in raw form, for that, I have added sendCookedData = false in outputs.conf configuration file under $SPLUNK_HOME/etc/system/local/. But as a downside of this change, I am not getting any metadata such as host, source, and source type, etc.
But I need these metadata in my application. Is there any way to get these metadata when we are forwarding the event changes to a third party system in raw form?