This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

FLUENTD Logs Uploaded by forwarder not showing on Chronicle

Posted on 11-18-2023 04:07 PM
zunni27
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi All,

I recently tried to do a PoC of chronicle SIEM and after setting up a forwarder to send logs collected by a fluentd aggregator to chronicle, i can't find the logs on Chronicle. I used the steps described here: https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-fluentd#configure-fluentd
 
Here's the log output from the forwarder which shows the logs being uploaded. What could i be doing wrong?

zunni27_0-1700348684747.png

 

 

Solved Solved
0 1 248
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
lukas-lr
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi zunni27,

Where in Chronicle are you looking for the logs? Is the data type for selection available in raw log search and have you tried searching there with "." as regex?

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
lukas-lr
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi zunni27,

Where in Chronicle are you looking for the logs? Is the data type for selection available in raw log search and have you tried searching there with "." as regex?

Jump to Solution
Top Solution Authors
View all