Getting Data In

Getting metadata such as host, source, and source type when sendCookedData is set to false ?

dk30390
New Member

Actually I need all the event changes from Splunk forwarders(Universal and Heavy both) into a third party system, so I am using a java socket connection to get all the event changes in raw form, for that, I have added sendCookedData = false in outputs.conf configuration file under $SPLUNK_HOME/etc/system/local/. But as a downside of this change, I am not getting any metadata such as host, source, and source type, etc.
But I need these metadata in my application. Is there any way to get these metadata when we are forwarding the event changes to a third party system in raw form?

Tags (1)
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...