eventkey in the payload sent to the HEC. It will also append the time of the record to a top level
Splunk_Send_Raw Onin the plugin configuration, and add the metadata as keys/values in the record. Note: with
Splunk_Send_Rawenabled, you are responsible for creating and populating the
eventsection of the payload.
splunk_send_rawhas been enabled, the user must take care to put all log details in the event field, and only specify fields known to Splunk in the top level event, if there is a mismatch, Splunk will return a HTTP error 400.
Splunk_send_rawoption being enabled and formatting the message properly. This includes three specific operations
metric_name:to all metrics