Ingest Tokens
Security Requirements and Controls
Change Ingest tokens
permission
Tokens are used to provide authentication for ingesting data into LogScale. An Ingest Token is a unique string that identifies a repository and allows you to send data to that repository.
You need to Generate a New Repository Ingest Token and then use the token when configuring data ingestion to your repositories, see Third-Party Log Shippers or Ingest API for details on how they are used in different ingest methods.
Ingest Tokens can only be used to ingest data; you cannot use them to query LogScale, log in, or read any data.
Note
As of 1.77 you can no longer list ingest tokens for system repositories using GraphQL, the following message is returned You don't have permission to read ingest tokens.
Figure 65. Ingest Tokens
Ingest tokens are tied to a repository not a user. This provides a better way of managing access control and is more convenient for most use cases. For example, if a user leaves the organization or project, you do not need to re-provision all agents that send data with a new token. You also don't have to create fake user accounts.
Additionally LogScale provides the possibility to generate Personal API Tokens which are user specific tokens that can be used for administration tasks. Personal API Tokens cannot be used to ingest data.
Tokens Supporting Ingest
LogScale supports different tokens to provide security across the cluster. Different tokens allow the ingestion of data, but how and where the data is ingested differs:
Repository Ingest Token
A Repository Ingest Token is associated with a specific repository and parser. When using this token data can be ingested directly to the repository. When using this token the data will only be ingested to the associated repository.
To create a Repository Ingest Token, see Generate a New Repository Ingest Token.
An Organization API Token can be used to ingest data into repositories when the token has the
Ingest across all repositories within organization
permission. This allows for data to be ingested to a repository with the repository specification provided in the event data when using HTTP Event Collector (HEC). For more information, see HTTP Event Collector (HEC). For more information, see Ingesting Data to Multiple Repositories for more information.
A comparison of the different tokens and capability are shown below:
Token Type | Repository Target | Ingest to Multiple Repositories | Ingest to System Repositories | Ingest to Sandbox Repository |
---|---|---|---|---|
Repository Ingest Token | Specific Repository | No | Yes | Yes |
Organization API Token (with
Ingest across all repositories within organization permission)
| Any (driven by event data or log shipper) | Yes | No | No |
Generating Ingest Tokens and Assigning Parsers
From the repository's Settings
page you
can manage ingest tokens and assign a parser to a token. For more
information on the actions you can perform from the repositories
settings page see
Basic Information.
Generate a New Repository Ingest Token
Select a repository from the repositories and views page and click Settings on the menu.
Figure 66. Generate Token
To add a token to this repository, click Ingest tokens under Ingest.
Click
. You will be prompted to provide a token name to identify the token. You may want to use this to identify the token you have assigned to a specific host, data source, log type or other identifier.You can optionally set an Assigned Parser by selecting a parser from the pop-up list. For more information on parsers see Parsing Data.
Click
.
Edit a Token
You can edit the parser assigned to a token by editing a token.
Select a repository from the repositories and views page and click Settings on the menu.
To edit a token, click Ingest tokens under Ingest.
Figure 67. Editing an Existing Token
Click the three dots ⋮ icon next the token you want to edit and click . Editing the token allows you to modify the assigned parser. For more information, see Assigning Parsers to Ingest Tokens. Once you have made the required changes click .
Delete a Repository Token
You can delete a token but note that deleting the token will prevent any existing ingest processes using that token to ingest data to LogScale.
Select a repository from the repositories and views page and click Settings on the menu.
To delete a token, click Ingest tokens under Ingest.
Click the three dots icon next the token you want to delete and click
. Click to permanently delete the token.
Custom Tokens
We highly recommended you use automatically generated tokens whenever possible, but custom ingest tokens can be useful in cases where you already have a token in use and want LogScale to accept it, or where the log shipper requires tokens in a format that is not compatible with the ones automatically generated by LogScale.
Generally, ingest tokens should be sufficiently complex such that they are not easy to guess. When creating custom ingest tokens, it is your responsibility to ensure this.
To use custom tokens, the feature "CustomTokens" must first be enabled. This can be done by making the following GraphQL mutation (see GraphQL API):
mutation {
enableFeature(feature: CustomIngestTokens)
}
Once enabled, root users can then create custom tokens via the GraphQL API:
mutation {
addIngestTokenV3(
input: {
repositoryName: "sandbox"
name: "MyIngestToken
"
parser: "kv"
customToken: "myCustomToken
"
}
) {
name
token
}
}
The response will indicate an error, or the token if one has successfully been created. For example:
{
"data": {
"addIngestTokenV3": {
"name": "MyIngestToken
",
"token": "myToken
"
}
}
}