Splunk Global Log Receiver -- Configurable HEC Logs Endpoint

Global Log Receiver for Splunk. Currently, the Splunk GLR appends "/services/collector/event" behind the scenes to what is configured in the "Splunk HEC Logs Endpoint" configuration. This prevents additional HEC parameters from being passed to Splunk Cloud.

One example is the parameter "?auto_extract_timestamp=true", which allows Splunk Cloud to use the @timestamp value in the JSON payload for indexing. Without this parameter, Splunk Cloud uses the time the message arrives at Splunk Cloud instead of the time the event actually happened.

The request is to make the "Splunk HEC Logs Endpoint" fully visible and configurable so that you can pass parameters. Making the full URI visible would also help with many current configuration issues where people are entering the URI path "/services/collector/event", which prevents logs to Splunk from working because XC appends that path behind the scenes.

So, ideally, we would be allowed to put this as the HEC Logs Endpoint:

https://http-inputs.customer.splunkcloud.com/services/collector/event?auto_extract_timestamp=true


  • Guest
  • Oct 18 2023
  • Planned
  • matt stovall commented
    October 18, 2023 18:43

    This would be great to have; Splunk is very popular with my customers.
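
The two failure modes described in the request (a lost query parameter and a doubled path), as an added example that is not part of the original post or of the product's code. `naive_append` models the behaviour the post describes, and `build_hec_url` is a hypothetical normaliser; its https-only and single-path rules are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit

HEC_EVENT_PATH = "/services/collector/event"


def naive_append(configured: str) -> str:
    """Model of the behaviour the request describes: the event path is
    appended to whatever string was configured."""
    return configured + HEC_EVENT_PATH


def build_hec_url(configured: str) -> str:
    """Hypothetical normaliser: accept either the base URL or the full
    HEC URI, add the event path only when missing, keep the query string."""
    parts = urlsplit(configured.strip())
    # Assumption of this example: TLS only, because the HEC token is
    # sent in the Authorization header of every request.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("HEC endpoint must be an https:// URL with a host")
    path = parts.path.rstrip("/")
    if path not in ("", HEC_EVENT_PATH):
        # Assumption: only the event endpoint is supported here.
        raise ValueError(f"unexpected HEC path: {parts.path!r}")
    return urlunsplit(
        (parts.scheme, parts.netloc, HEC_EVENT_PATH, parts.query, "")
    )


if __name__ == "__main__":
    base = "https://http-inputs.customer.splunkcloud.com"
    full = base + HEC_EVENT_PATH + "?auto_extract_timestamp=true"
    for configured in (base, base + HEC_EVENT_PATH, full):
        print("configured:", configured)
        print("  naive   :", naive_append(configured))
        print("  fixed   :", build_hec_url(configured))
```

With the naive append, the full URI from the request ends up with the event path inside the parameter value, and a configured path of "/services/collector/event" is sent as a doubled path; either way events can be indexed at arrival time or not delivered at all, which skews timelines built from those logs.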