Finally got it working. Apparently I wasn't as thorough as I expected before. Core issue I had was that the index actually didn't exist on the SHC, and that apparently when I checked for both that and originally sending to main I was just wrong. I did try to add in some more details in the logevent.py, to add in the full response and not just the error code, but never got that working properly. The script would run, but never actually spit out my added stderr message to splunkd.log like it did the error code.