Mmm, I guess I was confused by the statement
Though HTTP Event Collector accepts only JSON-formatted event data packets, the event data payload can be in any format you want, as long as it is surrounded by curly brackets.
from the documentation, as HEC supports raw data too. I removed the path from the url and now I get JSON data in my index, but the message properties elements are odd in that the message contains all the csv key value pairs, e.g.
message: i_gid="T Walker",i_vu=1,i_chn=wha,i_hostset=prod,i_sid=walker,i_it=1,j=NSW,mn=NAME1,dt=2018-01-02,rt=R,rn="NAME2",rnum=8,rrn="NAME3",rrnum=16,rfxw=101.0,rfxp=16.8,rpmw=32.0,rpmp=11.0,i_tx=Runner,i_status=0
but the properties only contains
properties: { [-]
i_chn: wha
i_gid: T Walker
i_hostset: prod
i_it: 1
i_sid: walker
i_vu: 1
}
I don't understand why it's only got some of the KV pairs as properties and not all of them
... View more