Ironstream can send data to Splunk via either the HTTP or TCP protocol. When it sends data to Splunk over HTTP/S, Ironstream supports the "RAW" endpoint. HTTP used together with the "RAW" endpoint behaves similarly to the TCP protocol. When Ironstream sends data to Splunk via TCP, Splunk indexes the data based on any date-time field in the record, using any known, universally accepted timestamp format, as described in the KBA for SDF21GE.