In HTTP Event Collector, is it possible to send multiple events in one API call? I tried setting line break properties in props.conf, but unfortunately that did not help. Here's what my props.conf look like now:
[host::localhost]
SHOULD_LINEMERGE = false
LINE_BREAKER = \"event
#TIME_PREFIX = sstime\"\:
#MAX_TIMESTAMP_LOOKAHEAD = 10
#TIME_FORMAT = %s
Here's my curl call as an example:
curl http://example.com:8088/services/collector/raw?channel=HIDDENC0-FCH1-46HE-96HA-HIDDENFBC4AB -H 'Authorization: Splunk HIDDEN88-C2GC-4FE6-5982-B245881A8847' -d '{"event":{"host":"localhost","sourcetype":"txt","index":"b","SeqID":1,"TypeID":1,"Name":"test1","Detail":"test event1","Session":"1","Time":"2016/09/19 00:00:00"},"event":{"host":"localhost","sourcetype":"txt","index":"b","SeqID":2,"TypeID":2,"Name":"test2","Detail":"test event 2","Session":"2","Time":"2016/09/20 00:00:00"}}'
What am I doing wrong? How can I create 2 event entries in Splunk with one API call?
↧