Yes, I am trying to collect events via HEC. Splunk is smartly formatting the timestamp, issue is that each exception form docker is getting posted as a separate event on a new line preceded by a containerid. My main doubt is that does props.conf on HF get picked up for HEC collector/event endpoint? I read on my other answers on this forum that /event endpoint doesn't pickup props and transforms processing.
... View more