The user guide section for the om_http module explains:
Each event is transferred in a single POST request.
When https is used, is the TLS handshake also performed for each event? This seems like it would be quite inefficient.
Are there any plans to support bulk / batch exporting of many events in a single http post, specifically for exporting data to the Splunk HEC?
rsyslog and syslog-ng support batch exporting events to Splunk using the external python script omsplunkhec.py, as explained here:
NXLog supports batch exporting events to Elasticsearch using their bulk API: