I am configuring an HTTPJSON Input from Fleet using the UI and doing a POST on a REST endpoint. I need to send a body in the request. The documentation isn't too clear about the format it should be in inside the request body field in the UI. The name/value fields I need to submit in the HTTPJSON request body from the UI are:
search=search index=phantom_container earliest=-7d | head 100 | addinfo
output_mode=json
The endpoint the HTTPJSON Input hits is Splunk's search API, and I am trying to ingest the JSON response from the Splunk search into Elasticsearch.
Thanks for your help.
Hani