Hi,
I configured HTTP Event Collector (EC) locally through the GUI (generated a token, created an index and source type), and in the backend, splunk_httpinput app local got created with inputs.conf:
[http://test]
disabled = 0
index = testindex
indexes = testindex
source = testtt
sourcetype = testst
token = 8111111111111*********
and from the command prompt, if I run the below curl command
C:\Program Files\cURL>curl -k http://localhost:8088/services/collector/event -H "Authorization: Splunk 8111111111111*********" -d "{\"event\":\"Breakfast Order\"} {\"event\":{\"coffee\":\"double cream double sugar\",\"muffin\":\"blueberry\",\"juice\":\"none\"}}"
I can see the events in the search head.
My question is how to override the sourcetype and index through curl commands?
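An added example, not part of the original post: HEC reads per-event metadata (`index`, `sourcetype`, `source`, `host`, `time`, `fields`) from top-level keys placed beside `event` in each JSON object, and the token's `indexes` list limits which indexes it may write to. The override names `orders_json` and `curl_test` and the `<HEC-TOKEN>` placeholder are assumptions; the request is built but not sent.

```python
import json
import urllib.request

# Metadata keys HEC accepts at the top level of each JSON event, beside "event".
METADATA_KEYS = {"time", "host", "source", "sourcetype", "index", "fields"}


def hec_event(event, **metadata):
    """Wrap one event with per-event metadata that overrides the token defaults."""
    unknown = set(metadata) - METADATA_KEYS
    if unknown:
        raise ValueError(f"not HEC metadata keys: {sorted(unknown)}")
    return {"event": event, **metadata}


def hec_body(events, allowed_indexes):
    """Serialize a batch as concatenated JSON objects, as in the curl -d above.

    allowed_indexes mirrors the token's `indexes` setting; an event naming an
    index outside that list is caught here, before anything is sent.
    """
    for n, ev in enumerate(events):
        idx = ev.get("index")
        if idx is not None and idx not in allowed_indexes:
            raise ValueError(f"event {n}: index {idx!r} not allowed for this token")
    return "".join(json.dumps(ev, separators=(",", ":")) for ev in events).encode()


def hec_request(url, token, body):
    """Build (not send) the POST; pass it to urllib.request.urlopen to submit."""
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}"},
    )


# Constructed sample: stanza values from the post, override names are made up.
ALLOWED = ["testindex"]
BATCH = [
    hec_event("Breakfast Order"),  # inherits index/sourcetype from [http://test]
    hec_event({"coffee": "double cream double sugar", "muffin": "blueberry"},
              sourcetype="orders_json", source="curl_test", index="testindex"),
]
REQUEST = hec_request("http://localhost:8088/services/collector/event",
                      "<HEC-TOKEN>", hec_body(BATCH, ALLOWED))
```

The same body works as the `-d` argument of the curl command once the inner quotes are escaped for the Windows command prompt.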