| time | string | Event timestamp in epoch time (seconds since 1970-01-01). If omitted, Splunk uses the current time. |
| host | string | Hostname or IP address of the event source |
| source | string | Source of the event |
| sourcetype | string | Source type for the event |
| index | string | Destination index for the event |
| event | string | The event data. Can be a string or a JSON object. This is the actual data payload to be indexed. |
| fields | object | Additional metadata fields to associate with the event. These fields are indexed as metadata and can be searched. |
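
An added example, not code from the original page: a Python builder that assembles one event envelope from the keys in the table above, rejects misspelled keys, and serializes it so that quotes or newlines inside log content stay inside the `event` string. The function names, the sample values and the rule that `fields` holds no nested objects are assumptions of this example.

```python
import json

STRING_KEYS = ("host", "source", "sourcetype", "index")  # string rows of the table


def build_hec_event(event, *, timestamp=None, fields=None, **meta):
    """Build one event envelope (dict) using only the keys listed in the table."""
    if not event or not isinstance(event, (str, dict)):
        raise ValueError("event must be a non-empty string or JSON object")
    envelope = {"event": event}
    if timestamp is not None:  # omitted -> Splunk stamps the event with current time
        if isinstance(timestamp, bool) or not isinstance(timestamp, (int, float)):
            raise ValueError("time must be epoch seconds")
        envelope["time"] = f"{timestamp:.3f}"  # the table types 'time' as a string
    unknown = set(meta) - set(STRING_KEYS)
    if unknown:  # catches typos such as 'source_type' before they ship
        raise ValueError(f"unknown envelope keys: {sorted(unknown)}")
    for key, value in meta.items():
        if not isinstance(value, str) or not value:
            raise ValueError(f"{key} must be a non-empty string")
        envelope[key] = value
    if fields is not None:
        # Assumption (not stated in the table): no nested objects inside 'fields'.
        if not isinstance(fields, dict) or any(
            isinstance(v, dict) for v in fields.values()
        ):
            raise ValueError("fields must be a flat JSON object")
        envelope["fields"] = fields
    return envelope


def serialize(envelope):
    """Serialize with json.dumps so log content cannot escape its string value."""
    return json.dumps(envelope, separators=(",", ":"), sort_keys=True)


# Constructed sample: a log line that itself contains a quote and a newline.
SAMPLE_LINE = 'Failed password for root from 203.0.113.7 port 52144 ssh2"}\n{"index":"main'

SAMPLE = build_hec_event(
    SAMPLE_LINE,
    timestamp=1700000000,
    host="bastion-01",
    source="/var/log/auth.log",
    sourcetype="linux_secure",
    index="security",
    fields={"env": "prod", "collector": "example-shipper"},
)
```
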