
Use the Observability Pipelines Google Chronicle destination to send logs to Google Chronicle.

Setup

Set up the Google Chronicle destination and its environment variables when you set up a pipeline. The information below is configured in the pipeline UI.

Set up the destination

To authenticate the Observability Pipelines Worker for Google Chronicle, contact your Google Security Operations representative for a Google Developer Service Account Credential. This credential is a JSON file and must be placed under DD_OP_DATA_DIR/config. See Getting API authentication credential for more information.

To set up the Worker’s Google Chronicle destination:

  1. Enter the customer ID for your Google Chronicle instance.
  2. Enter the path to the credentials JSON file you downloaded earlier.
  3. Select JSON or Raw encoding in the dropdown menu.
  4. Enter the log type. See template syntax if you want to route logs to different log types based on specific fields in your logs.

Note: Logs sent to the Google Chronicle destination must have ingestion labels. For example, if the logs are from an A10 load balancer, they must have the ingestion label A10_LOAD_BALANCER. See Google Cloud’s Support log types with a default parser for a list of available log types and their respective ingestion labels.

Set the environment variables

  • Google Chronicle endpoint URL:
    • Stored in the environment variable: DD_OP_DESTINATION_GOOGLE_CHRONICLE_UNSTRUCTURED_ENDPOINT_URL.
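A preflight check for the two settings above (the credentials JSON file under DD_OP_DATA_DIR/config and the endpoint URL variable), written for this page as an added example and not taken from Datadog's documentation or code. It assumes DD_OP_DATA_DIR is available as an environment variable; the file name chronicle.json, the owner-only permission policy, the https requirement and the example.invalid endpoint are assumptions of the example.

```python
import json
import stat
import tempfile
from pathlib import Path
from urllib.parse import urlparse

ENDPOINT_VAR = "DD_OP_DESTINATION_GOOGLE_CHRONICLE_UNSTRUCTURED_ENDPOINT_URL"
# Fields a Google service account key file carries.
REQUIRED_KEYS = ("client_email", "private_key", "token_uri")

def preflight(env, creds_name):
    """Return a list of problems; an empty list means every check passed."""
    data_dir = env.get("DD_OP_DATA_DIR")
    if not data_dir:
        return ["DD_OP_DATA_DIR is not set"]
    problems = []
    config_dir = (Path(data_dir) / "config").resolve()
    creds = (config_dir / creds_name).resolve()
    if config_dir not in creds.parents:
        problems.append("credentials path is outside DD_OP_DATA_DIR/config")
    elif not creds.is_file():
        problems.append("credentials file not found")
    else:
        # Assumed policy: the private key is readable by the Worker's user only.
        if stat.S_IMODE(creds.stat().st_mode) & 0o077:
            problems.append("credentials file is accessible to group or others")
        try:
            key = json.loads(creds.read_text())
        except ValueError:
            key = None
        if not isinstance(key, dict) or key.get("type") != "service_account":
            problems.append("credentials file is not a service account key")
        elif [k for k in REQUIRED_KEYS if not key.get(k)]:
            problems.append("service account key is missing required fields")
    url = urlparse(env.get(ENDPOINT_VAR, ""))
    if url.scheme != "https" or not url.hostname:
        problems.append(ENDPOINT_VAR + " must be an https URL")
    return problems

if __name__ == "__main__":
    # Constructed sample: a throwaway data directory and a fake key file.
    root = Path(tempfile.mkdtemp())
    (root / "config").mkdir()
    sample = root / "config" / "chronicle.json"
    sample.write_text(json.dumps({"type": "service_account", "client_email": "x",
                                  "private_key": "x", "token_uri": "x"}))
    sample.chmod(0o644)  # deliberately too permissive
    env = {"DD_OP_DATA_DIR": str(root), ENDPOINT_VAR: "https://chronicle.example.invalid"}
    print(preflight(env, "chronicle.json"))
```

Run it as the Worker's user before starting the pipeline; an empty list means the credential file and endpoint variable passed every check.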

How the destination works

Event batching

A batch of events is flushed when one of these parameters is met. See event batching for more information.

Max Events    Max Bytes    Timeout (seconds)
None          1,000,000    15