It's possible to specify that a parsers ingesta data into multiple repositories.

It can be useful to ship all data to one parser and have that parser ship data to many different repositories. For example if logs are being sent from a single source, it is possible to setup one parser that can parse all events from this source and decide which repositories to send events to.

If the Humio configuration variable ALLOW_CHANGE_REPO_ON_EVENTS is set to true, then Humio allows ingest to any repository specified by the repo tag. The repo tag can be set by adding repo as a tag and setting the repo field in the parser, or by setting #repo on the endpoints supporting setting tags directly (e.g., the HEC endpoint). The ingest token used must be valid for the repository a request is made against, but allows redirecting through the repo tag to any other repository. If the named repo does not exist then the event remains in the repo designated by the ingest token.

This is a potential security issue on a public API endpoint, so this option should only be used inside a trusted environment.