This is my fix for the parser, please try this one. In general:
1. You did not escape the characters "[" and "]" properly; you would need to test the parser in the Chronicle SIEM parser after testing in the GROK debugger, as there are some differences.
2. Some...
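As an added illustration of the bracket-escaping point in the reply above (this is not code from the thread and not Chronicle's parser engine, which is not reproduced here), the Python below expands a grok pattern into a regular expression the way grok engines do, so you can see why an unescaped "[" / "]" turns the bracketed field into a character class and fails to match, while "\[" / "\]" captures it. The pattern table, the sample log line and all function names are constructed for this example; the differences between the GROK debugger and the Chronicle parser that the reply mentions are not modelled.

```python
import re

# Minimal subset of the standard grok pattern library, constructed for this example.
GROK_PATTERNS = {
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "INT": r"[+-]?\d+",
    "WORD": r"\b\w+\b",
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "TIMESTAMP_ISO8601": r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:\.\d+)?(?:Z|[+-]\d{2}:?\d{2})?",
}

# Matches %{NAME} or %{NAME:field} references inside a grok pattern.
_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def grok_to_regex(pattern: str) -> str:
    """Expand %{NAME:field} references into a regex with named groups.

    Everything between references is passed through untouched, exactly as a
    grok engine does, so an unescaped '[' or ']' keeps its regex meaning
    (start/end of a character class) instead of matching a literal bracket.
    """
    def expand(m):
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return _GROK_REF.sub(expand, pattern)


def grok_match(pattern: str, line: str):
    """Apply a grok pattern to one log line.

    Returns a dict of captured fields, or None when the pattern does not
    match. Like grok, the match is unanchored (re.search). A pattern with an
    unterminated '[' raises re.error, which is the other common symptom of
    missing escapes.
    """
    m = re.search(grok_to_regex(pattern), line)
    return m.groupdict() if m else None


# Constructed sample line (not from the original thread).
SAMPLE_LINE = "2024-05-01T12:00:00Z [ERROR] sshd[1234]: Failed password from 10.0.0.5"

# Unescaped form: '[' and ']' wrap the level group in a character class, so the
# expanded regex never sees a literal bracket and the line does not match.
BAD_PATTERN = "%{TIMESTAMP_ISO8601:ts} [%{DATA:level}] %{GREEDYDATA:msg}"
# Escaped form: '\[' and '\]' match the literal brackets around the level.
GOOD_PATTERN = r"%{TIMESTAMP_ISO8601:ts} \[%{DATA:level}\] %{GREEDYDATA:msg}"


def compare_patterns(line: str = SAMPLE_LINE) -> dict:
    """Run both patterns against the line and report what each one captured."""
    return {
        "unescaped": grok_match(BAD_PATTERN, line),
        "escaped": grok_match(GOOD_PATTERN, line),
    }


if __name__ == "__main__":
    for label, fields in compare_patterns().items():
        print(f"{label:>9}: {fields}")
```

Running it shows the unescaped pattern returning no match at all, while the escaped one yields ts, level and msg; the same pattern pasted into a parser config still has to be re-tested there, since the config string is processed once more before the grok engine sees it.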
Hi @ziobill, the first problems I noticed are:
1. #on_error => "match_error": you are using this tag in the next line, so you need to un-comment this line.
2. Many of the "replace" statements should not be used with the repeated UDM fields like event....
Hi @cahehay553, the options I know are:
1. You could configure your ETL tools to push the logs to GCP/S3 buckets (among other options) that Chronicle could ingest from; the list of Chronicle-supported feeds is listed here: https://cloud.google.com/ch...
Hi @Aravind3, I think it could be easier to do so if you have Data Firehose. There is no direct Chronicle SIEM ingestion from Kinesis, but with Data Firehose you could define multiple destinations, and it is supported by Chronicle SIEM, but this could ...