Hi Community,
Did anyone try to ingest completely custom log data into Chronicle SIEM?
I mean log data which does not fall under any log sources (JSON, KV, etc.) and does not fall under any log types (Azure AD, Linux Auditing System (AuditD), etc.)?
I can write a parser after ingestion, but it is not too clear how to inject data which cannot be attached to any of the current categories (log sources or log types).
P.S. The log data type was created without consideration of existing log types and sources.
Hi aivaras,
Please submit a support case for the creation of a new log type. That new log type can be internal to your Chronicle instance. Once the new log type has been set up, you can configure ingestion and then build a custom parser.
Chris