I would like to forward data between two splunk instances in clear text. For that I use HEC. This is my outputs.conf .
httpEventCollectorToken = <HEC_TOKEN>
uri = http://hec_target:8088
I would like to inspect the events with a third party application, but they appear to be encoded in s2s. Also this configuration sends the events to the /services/collector/s2s endpoint, which is not the same one would forward clear text (JSON) events to. Is there any way to send the events in a readable format?
I am aware there is syslog output. I would try it if there is no possibility to change the HEC output accordingly.