Journal Source
yaml
sources:
  journal:
    # Example for reading journald log data (linux only)
    type: journald
    sink: my_humio
    # Optional. If not specified collect from the local journal
    directory: /var/log/journal
    # If specified only collect from these units
    includeUnits:
      - systemd-modules-load.service
    # If specified collect from all units except these
    excludeUnits:
      - systemd-modules-load.service
    # Default: false. If true only collect logs from the current boot
    currentBootOnly: false
sinks:
  my_humio:
    type: humio
    token: <ingest-token-repo2> or an environment variable
    url: https://cloud.us.humio.com
    compression: gzip
    compressionLevel: 9
    tls:
      insecure: false

        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      caFile: /etc/ssl/cert.pem

    proxy: none

    queue:
      fullAction: deleteOldest
      memory:
        flushTimeOutInMillisecond: 200
        maxLimitInMB: 1024

Table: Journal Source

ParameterTypeRequiredDefault ValueDescription
currentBootOnlybooleanoptional[a] false If true only collect logs from the current boot.
directorystringoptional[a]   Allows you to specify the journal directory to collect from, if not specified collects from the local journal.
excludeUnitsarray of stringsoptional[a]   If specified the LogScale Collector will not collect from these units.
includeUnitsarray of stringsoptional[a]   If specified the LogScale Collector will only collect from these units.
parserstringoptional[a]   Specify the parser to use to parse the logs, if you install the parser through a package you must specify the type and name as displayed on the parsers page for example linux/system-logs:linux/system-logs.If a parser is assigned to the ingest token this parser will be ignored.
sinkstringrequired   Name of the sink, which you configured in sinks, that should be sent the collected events.
transformstransformoptional[a]   Specify transforms to use for this source (optional), see All sources: How to use Transforms for information on how to use transforms.
typejournaldrequired   The sources block configures the sources of data that the log collector will send to Falcon LogScale.

[a] Optional parameters use their default value unless explicitly set.