Hey,Is there any workaround to send uncooked data from Splunk HF to Cribl? (dest::Splunktcp)The issue is that the EB(Cribl) is not taking any effect (I'd read before it will be skipped by design limitations).tried to set sendCookedData = false but the data flow had stopped eventually, then added negotiateProtocolLevel = 0 but it didn't help, other trial was to use dest::tcp source but ingestion has stopped as well. Any ideas how we can overcome this scenario.
Question
Is there any workaround to send uncooked data from Splunk HF to Cribl?
Then how can it re-process them although it skips the EB in Cribl source
Is one event containing multiple events? That could be fixed. Is one event only containing parts of one event? That's something that can't really be fixed later
The latter unfortunately, thats why I'm not using the event breaker function in the pipeline
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.