Merge pull request #391 from VirtualMetric:DT-576-audit-getting-started-section

DT-576-Audit and fix Getting Started section (9 files, 42 errors)

Author: KorayErkan

docs/getting-started/add-first-device.mdx …etting-started/add-your-first-device.mdxdocs/getting-started/add-first-device.mdx renamed to docs/getting-started/add-your-first-device.mdx docs/getting-started/add-first-device.mdx renamed to docs/getting-started/add-your-first-device.mdx

@@ -1,3 +1,8 @@
+---
+title: Add Your First Device
+description: Create a Syslog device to start collecting data in your DataStream pipeline.
+---
+
 # Add Your First Device
 
 ## What is a Device?
@@ -9,8 +14,6 @@ A Device represents your data source in DataStream. It defines how DataStream re
 - **TCP/UDP streams** - Custom protocols and data feeds
 - **Cisco eStreamer** - Real-time security intelligence from Cisco devices
 
-Devices are categorized as either **Push** (they listen for incoming data) or **Pull** (they actively collect data using agents).
-
 ## Choosing Your Device Type
 
 For this getting started guide, we'll create a **Syslog Device** because:
@@ -33,25 +36,25 @@ For this getting started guide, we'll create a **Syslog Device** because:
    - **Name**: "My First Syslog Device"
    - **Description**: "Learning syslog collection"
    - **Tags**: Leave blank for now
-   - **Device Status**: Ensure the toggle is **enabled** (blue)
+   - **Device Status**: Ensure the toggle is set to **Enabled**
    - **Director(s) for the Device**: Select the Director you created earlier
-   - **Preprocessing pipeline**: Leave blank for now
+   - **Pre-processing pipeline (Optional)**: Leave blank for now
    - Click <gui>Next step</gui>
 
 4. **Configure Protocol Settings** (Second Tab)
    - **Authentication Protocol**: UDP (default - most common)
    - **IP Address**: 0.0.0.0 (listens on all network interfaces)
-   - **Port**: 514 (standard syslog port)
+   - **Port**: 514 (standard syslog port - you can assign any port you want)
    - Click <gui>Next step</gui>
 
-:::info Important
-Make sure port 514 is open for inbound traffic on your network and firewall. This allows syslog sources to send data to your DataStream device.
+:::note
+The device listener runs on your **Director host**. The IP address `0.0.0.0` means it accepts connections on all network interfaces of that server. Configure your syslog sources to send data to your Director's IP address on port **514**.
 :::
 
 5. **Advanced Configuration** (Third Tab)
    - You can accept all the default values for now:
      - **Socket address reuse**: Enabled
-     - **Max Connections**: 1000
+     - **Max Connections**: 10000
      - **Timeout**: 300 seconds
      - **Max Message Size**: 20 MB
      - **Buffer Size**: 9000 bytes
@@ -69,15 +72,22 @@ Your device should now appear in the Syslog devices table with:
 
 Want to verify your device is working? You can send a test syslog message:
 
-**Linux/macOS:**
-```bash
-logger -n <your-server-ip> -P 514 "Test message from DataStream setup"
-```
-
-**Windows PowerShell (requires syslog client):**
-```powershell
-# Use your preferred syslog testing tool or install one like "Posh-Syslog"
-```
+<Tabs>
+  <TabItem value="powershell" label="PowerShell" default>
+    ```powershell
+    Send-SyslogMessage -Server <your-server-ip> -Message "Test message from DataStream setup" -Severity Informational -Facility User
+    ```
+
+    :::note
+    Requires a syslog module such as [Posh-Syslog](https://www.powershellgallery.com/packages/Posh-SYSLOG). Install with `Install-Module Posh-SYSLOG`.
+    :::
+  </TabItem>
+  <TabItem value="bash" label="Bash">
+    ```bash
+    logger -n <your-server-ip> -P 514 "Test message from DataStream setup"
+    ```
+  </TabItem>
+</Tabs>
 
 You won't see the processed data yet because we haven't set up a Target or Route, but your Director logs should show the message was received.
 
@@ -106,4 +116,4 @@ You won't see the processed data yet because we haven't set up a Target or Route
 
 Your device is now listening for data. Next, we need to configure where that data should go by creating a Target.
 
-**Next:** [Configure Your First Target](configure-first-target) to define where your processed data will be stored.
+**Next:** <Topic id="getting-started-configure-your-first-target">Configure Your First Target</Topic> to define where your processed data will be stored.

docs/getting-started/configure-first-target.mdx

@@ -0,0 +1,95 @@
+---
+title: Configure Your First Target
+description: Create a File target to store processed data from your DataStream pipeline.
+---
+
+# Configure Your First Target
+
+## What is a Target?
+
+A Target defines where your processed data goes after **DataStream** transforms it. Common target types include:
+
+- **File** - Saves data to JSON, Avro, Parquet, or MultiJSON file formats
+- **Microsoft Sentinel** - Sends security data to Microsoft's cloud SIEM platform
+- **Azure Blob Storage** - Archives data for long-term retention and compliance
+- **Azure Data Explorer** - Enables real-time analytics and dashboard creation
+
+For this guide, we create a **File Target** because it is simple to verify and understand.
+
+## Create Your File Target
+
+1. **Navigate to Targets**
+   - From the sidebar: **Fleet Management** > **Targets**
+   - Click the <gui>File</gui> card
+
+2. **Start Target Creation**
+   - Click <gui>Add new File target</gui>
+   - The target creation form opens with three tabs
+
+3. **Configure General Settings** (First Tab)
+   - **Name**: "My First File Target"
+   - **Description (Optional)**: "Learning file output for getting started"
+   - **Target Status**: Ensure toggle is set to **Enabled**
+   - **Post-processing pipeline (Optional)**: Leave blank for now
+   - Click <gui>Next Step</gui>
+
+4. **Configure File Properties** (Second Tab)
+   - **Location**: Enter a directory path where you want files saved:
+     - **Linux/macOS**: `/opt/datastream/output` or `/home/username/datastream`
+     - **Windows**: `C:\DataStream\Output` or `D:\Logs\DataStream`
+
+   :::note
+   This path refers to a directory on your **Director host**, not your local machine. Verify the directory exists on the server where your Director is installed.
+   :::
+   - **File name**: `logs-{{.Year}}_{{.Month}}_{{.Day}}.json`
+   - **Type**: JSON (default)
+   - **Field Format (Optional)**: Leave as default
+   - Leave other fields at their defaults
+   - Click <gui>Next Step</gui>
+
+:::caution
+Ensure the directory you specify in **Location** exists and **DataStream** has write permissions. Create the directory beforehand if it doesn't exist.
+:::
+
+5. **Skip Execution Settings** (Third Tab)
+   - Leave all defaults (scheduling and debugging settings)
+   - Click <gui>Add target</gui>
+
+## Understanding File Naming
+
+The file name template `logs-{{.Year}}_{{.Month}}_{{.Day}}.json` uses dynamic fields:
+
+- `{{.Year}}` - Current year (e.g., 2026)
+- `{{.Month}}` - Current month (e.g., 01, 02, 12)
+- `{{.Day}}` - Current day (e.g., 01, 15, 31)
+
+This pattern automatically rotates files daily, making them easier to manage and archive.
+
+## Verify Your Target
+
+Your target should now appear in the File targets table with:
+
+- **Status**: Enabled
+- **Location**: Your specified directory path
+- **Type**: JSON
+
+## File Format Options
+
+The File target supports four output formats:
+
+- **JSON** (default) - One record per file, widely supported
+- **MultiJSON** - Multiple records per file, efficient for high-volume data
+- **Avro** - Binary format with embedded schema, supports compression
+- **Parquet** - Columnar format, optimized for analytics and compression
+
+:::note
+Compression options (zstd, snappy, gzip) are available only for Avro and Parquet formats.
+:::
+
+For detailed configuration of all target types, see <Topic id="targets-overview">Target Configuration Guide</Topic>.
+
+## What's Next?
+
+Your target is ready to receive processed data. Now we need to install processing logic that will transform your raw data into a useful format.
+
+**Next:** <Topic id="getting-started-install-content-from-content-hub">Install Content from Content Hub</Topic> to add pre-built data processing pipelines.