@gcusello I have two source fields, One from the Splunk configuration(static throughout) and another from the logs which I am forwarding(dynamic data) , both are getting merged into a single field. I just want to hide the configuration data, i.e http:kafka here from the source
... View more
I have two source fields, One from the Splunk configuration(static throughout) and another from the logs which I am forwarding(dynamic data) , both are getting merged into a single field. I just want to hide the configuration data, i.e http:kafka here from the source
... View more
I am using HEC to push the data to Splunk, and in the HEC we have a field Source, And the log which I am forwarding to Splunk too have a field name Source.
The issue I am facing is, that both the source name gets merged and on each log, I can see the same, two values for the source.
I don't want to change the field of my log, Is there a way I can change something on HEC?
... View more