Help with Google Chronicle Configuration for Non-Default Log Sources #17284
Would anyone happen to have a Google Chronicle configuration that I could use as a reference? I'm uncertain about how to utilize the sink for sources that don't employ a default parser. For instance, I obtain logs from a SaaS product using an HTTP GET request. In situations where there is no default supported parser or log type, how would I push those logs?
Unless I am misunderstanding your question, I think this is more a question that needs to be directed at Chronicle. I believe you will need to set up a parser there that can parse your logs. It looks like this could be a useful starting point.

There are things you can do in Vector using the Remap transform to modify your data if you need to structure it in a way that can make it easier to parse in Chronicle. That will very much depend on what the current structure is. If you have any questions after reading the docs, please ask.
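To make the two halves of that answer concrete, here is an added example configuration (not from the discussion, and not taken from Vector's or Chronicle's own documentation) that polls a SaaS API with the `http_client` source, reshapes each record with a `remap` transform, and forwards it through the `google_chronicle_unstructured` sink under a custom log type. The SaaS endpoint, the field names it assumes (`occurred_at`, `user.email`, `action`, `raw_html`), the credential path, the customer ID and the `EXAMPLE_SAAS_AUDIT` log type are all placeholders; the log type must be one that exists in your Chronicle tenant with a parser attached, which is the part the reply says has to be done on the Chronicle side.

```toml
# Added example: SaaS HTTP API -> Vector remap -> Chronicle unstructured sink.
# All endpoints, IDs, paths and field names below are placeholders/assumptions.

[sources.saas_api]
type = "http_client"
endpoint = "https://api.example-saas.invalid/v1/audit-events"  # placeholder
method = "GET"
scrape_interval_secs = 60
decoding.codec = "json"          # the API returns one JSON object per event (assumption)
auth.strategy = "bearer"
auth.token = "${SAAS_API_TOKEN}" # read from the environment, never stored in the file

[transforms.shape_for_chronicle]
type = "remap"
inputs = ["saas_api"]
source = '''
# Give Chronicle a single, reliable event timestamp. "occurred_at" is an
# assumed SaaS field; fall back to ingestion time if it is missing or unparsable
# rather than dropping the event.
.timestamp = parse_timestamp(.occurred_at, "%+") ?? now()

# Flatten the nested user object and normalise the action name so the custom
# parser on the Chronicle side sees a predictable, flat shape.
.actor = .user.email
.action = downcase(string(.action) ?? "unknown")

# Drop payload that only adds noise to the parser (assumed field names).
del(.user)
del(.raw_html)
'''

[sinks.chronicle]
type = "google_chronicle_unstructured"
inputs = ["shape_for_chronicle"]
customer_id = "00000000-0000-0000-0000-000000000000"  # placeholder Chronicle customer ID
credentials_path = "/etc/vector/chronicle-sa.json"    # placeholder service-account key path
log_type = "EXAMPLE_SAAS_AUDIT"   # placeholder; must match a log type with a parser in Chronicle
encoding.codec = "json"           # each event is sent as one JSON log entry
```

Check the file with `vector validate` before deploying it, and compare the JSON that the transform emits with what your custom parser in Chronicle expects; if the parser is written against the shape produced by the `remap` step, the two sides stay in sync whenever the SaaS schema changes.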