PowerSchill
commented
8 years ago HEC spec from http://dev.splunk.com/view/event-collector/SP-CAAAE6M
{ "time": 1426279439, "host": "localhost", "source": "datasource", "sourcetype": "txt", "index": "main", "event": { "hello": "world" } }
Right now only the event field is being sent to Splunk. Instead we should be using the HTTP Event Collector specification and send time, source, sourcetype, etc.
This will fix the issue with the Splunk time not matching the actual record.