Splunk · JSON Structure

Splunk Enterprise REST HEC Event Structure

Type: object, Properties: 7
Analytics, Data Analysis, Logging, Machine Data, Monitoring, Observability, Platform, Security, SIEM

HecEvent is a JSON Structure definition published by Splunk, describing 7 properties. It conforms to the https://json-structure.org/draft/2020-12/schema meta-schema.

Properties

time, host, source, sourcetype, index, event, fields

Meta-schema: https://json-structure.org/draft/2020-12/schema

JSON Structure

{
  "$schema": "https://json-structure.org/draft/2020-12/schema",
  "name": "HecEvent",
  "type": "object",
  "properties": {
    "time": {
      "type": "string"
    },
    "host": {
      "type": "string"
    },
    "source": {
      "type": "string"
    },
    "sourcetype": {
      "type": "string"
    },
    "index": {
      "type": "string"
    },
    "event": {
      "type": "string"
    },
    "fields": {
      "type": "object"
    }
  }
}