In this tab, you can define the following event properties and options, as described in the table below.
| Option | Description |
|---|---|
| Index to write to | Specifies the Splunk index where the events are stored. Usually, this is the main index. Check your Splunk server for a list of available indices. This field can be a parameter with incoming fields (?{<Field>}) or transformation parameters (${Parameter}). |
| Host | Indicates the hostname of the original event host. If you want to gather data from a router and write it to Splunk, use the router's host name. This field can be a parameter with incoming fields (?{<Field>}) or transformation parameters (${Parameter}). |
| Source type | Indicates the format type of the event data. The list of known source types appears here. To define a new format, follow these instructions. |
| Source | Indicates the source of the event data. See Splunk documentation for more details. |
| Custom Splunk event | If checked, enables the Splunk Event Data option and allows you to customize the data coming into Splunk. This is useful if you want to write a different format than the default, which is name value pairs separated by newline characters. |
| Splunk Event Data | Allows you to specify customized event text. This field can be a parameter with incoming fields (?{<Field>}) or transformation parameters (${Parameter}). |