Open lilgreenwein opened 7 years ago
Starting with version 6.5, Splunk has added a top level object - parallel to "event" - called "fields". Reference:
http://dev.splunk.com/view/event-collector/SP-CAAAFB6
Right now the kafka-connect-splunk sink puts all consumed data under the "event" object. Adding support to populate the "fields" object (with JSON data of course) would enable the sink to specify indexed field extractions
Starting with version 6.5, Splunk has added a top level object - parallel to "event" - called "fields". Reference:
http://dev.splunk.com/view/event-collector/SP-CAAAFB6
Right now the kafka-connect-splunk sink puts all consumed data under the "event" object. Adding support to populate the "fields" object (with JSON data of course) would enable the sink to specify indexed field extractions