How do I send an event to splunk using the splunk_hec_logs sink but keep metadata as metadata?

[bcronrath]

What I mean is, if I have an input that sends something like:
{
"event":"bunch of log data here",
"index":"index here",
"sourcetype":"sourcetype here"
}
How do I get it so the index and sourcetype and only sent as metadata, and not part of the event itself that makes it into the splunk event? For example, using one of splunk docs examples:

curl "https://mysplunkserver.example.com:8088/services/collector?channel=00872DC6-AC83-4EDE-8AFE-8413C3825C4C"
-H "Authorization: Splunk CF179AE4-3C99-45F5-A7CC-3284AA91CF67"
-d '{"event": "Hello, world!", "sourcetype": "manual"}'

This would show up in splunk just as "hello, world!" and the metadata for sourcetype would be set to "manual", but if I send this through the vector splunk_hec_logs sink, I would get an event that is literally that whole json blob {"event": "Hello, world!", "sourcetype": "manual"}

[satellite-no]

the Splunk HEC logs sink has fields you can use to define. the metadata so if you had an event in vector that is

{
"message":"this is a tomato",
"index":"veggies",
"sourcetype":"tomato"
"timestamp": "2024-05-05T12:12:12Z"
}

and the splunk hec sink was

sinks:
  my_sink_id:
    type: splunk_hec_logs
    encoding:
      codec: text
    inputs:
      - my-source-or-transform-id
    compression: none
    endpoint: https://http-inputs-hec.splunkcloud.com
    endpoint_target: event
    index: "{{ index }}"
    sourcetype: "{{ sourcetype }}"
    timestamp_key: timestamp

it would send the value of .message to the index veggies, with a sourcetype of tomato.