fn hec_event_to_map(
    event: Value,
    query_table: Option<&str>,
) -> Option<(String, Value, Vec<String>)>
Maps one HEC event to (table, per-event map, tag names): time->timestamp,
index->table, host/source/sourcetype/fields->tags, event+rest->data.
Returns None if the event isn’t a JSON object.
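
The mapping described above, re-implemented as an added example (not the crate's own code) on a std-only stand-in `Value` enum. The name `map_hec_event`, the precedence of the event's `index` over `query_table`, the `main` default table, the `data` column name and the rule that a client-supplied `fields` key never overwrites an already mapped column are all assumptions.

```rust
use std::collections::BTreeMap;

// Stand-in for a JSON value; assumption: the documented `Value` is a JSON type such as serde_json's.
#[derive(Debug, PartialEq)]
enum Value { Num(f64), Str(String), Obj(BTreeMap<String, Value>) }

fn obj(pairs: Vec<(&str, Value)>) -> Value {
    Value::Obj(pairs.into_iter().map(|(k, v)| (k.to_string(), v)).collect())
}
fn s(x: &str) -> Value { Value::Str(x.to_string()) }

// Hypothetical re-implementation of the mapping in the description above.
fn map_hec_event(event: Value, query_table: Option<&str>) -> Option<(String, Value, Vec<String>)> {
    let mut rest = match event { Value::Obj(o) => o, _ => return None }; // non-object -> None
    let mut row = BTreeMap::new();
    let mut tags = Vec::new();
    if let Some(t) = rest.remove("time") { row.insert("timestamp".to_string(), t); }
    // Assumptions: the event's "index" wins over query_table; "main" is a made-up default.
    let table = match rest.remove("index") {
        Some(Value::Str(i)) => i,
        _ => query_table.unwrap_or("main").to_string(),
    };
    for key in ["host", "source", "sourcetype"] {
        if let Some(v) = rest.remove(key) { row.insert(key.to_string(), v); tags.push(key.to_string()); }
    }
    let fields = rest.remove("fields");
    // "event" and every key not consumed above end up under "data" (assumed column name).
    row.insert("data".to_string(), Value::Obj(rest));
    // Assumption: each "fields" key becomes a tag; client-chosen names never overwrite a column set above.
    if let Some(Value::Obj(f)) = fields {
        for (k, v) in f {
            if !row.contains_key(&k) { tags.push(k.clone()); row.insert(k, v); }
        }
    }
    Some((table, Value::Obj(row), tags))
}

// Constructed sample HEC event; the "fields" entry "timestamp" collides with a mapped column.
fn sample() -> Value {
    obj(vec![("time", Value::Num(1700000000.0)), ("index", s("web")), ("host", s("edge-1")),
             ("sourcetype", s("nginx")), ("event", s("GET /login 401")), ("trace", s("abc")),
             ("fields", obj(vec![("env", s("prod")), ("timestamp", s("0"))]))])
}

fn main() {
    println!("{:?}", map_hec_event(sample(), Some("fallback")));
    println!("{:?}", map_hec_event(s("not an object"), None));
}
```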