That makes sense. Thank you for replying. Do you have an example splunk_metadata.csv file? The Splunk documentation mentions separating items by vendor/type, but they do not mention where to find those.
... View more
Did you ever figure out a solution to this? Running into the same problem. Seems that there is an issue with where the HEC key points, and the actual index that gets populated.
... View more