We are sending data to the HTTP Event Collector raw endpoint from multiple systems, but we have no control over the data itself (coming from a third party). We are generating arbitrary channel identifiers for each system, but when we query the data the channel identifier is not present. Unfortunately the data itself does not provide a simple way to determine the system. The system name is sent in a special header, but I doubt the HEC is inspecting that header and I could find no documentation about HEC using headers other than the ones it specifies.
Is there a way to get either the channel identifier or an arbitrary header value used so we can determine which system is sending the data and distinguish between the many systems using the HEC to send data?