Sources (sources)

The sources block configures the sources of the data that the LogScale Collector will send to LogScale.

MySourceName is a top-level element which contains each of your source configurations.

Table: Source

| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
| parser | string | optional[a] | | Specifies the parser within LogScale to use to parse the logs. If you install the parser through a package, you must specify the type and name as displayed on the parsers page, for example linux/system-logs:linux-filebeat. If a parser has been assigned to the ingest token you are using, this setting is ignored. |
| sink | string | required | | Name of the configured sink that will receive the collected events. |
| transforms | transform | optional[a] | | The transforms parameter allows you to add fields or to filter data before it is ingested. See Use Transforms for more information. |
| type | sourcetype | required | | The sources block configures the sources of data that the log collector will send to Falcon LogScale. |

Values for type:

| Value | Description |
|---|---|
| cmd | Command based source, for more information see Configuration Examples. |
| file | File based log source, for more information see Configuration Examples. |
| internal | Internal source is required for Multi-destination sinks, for more information see Configuration Examples. |
| journald | Journal source, for more information see Configuration Examples. |
| syslog | Syslog event source, for more information see Configuration Examples. |
| syslog_tls | Syslog over TLS, for more information see Configuration Examples. |
| unifiedlog | macOS log source, for more information see Configuration Examples. |
| wineventlog | Windows Event log source, for more information see Configuration Examples. |

[a] Optional parameters use their default value unless explicitly set.


The elements listed in this table apply to all source types. For information on specific sources, see the relevant sections in Configuration Examples.
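
A pre-deployment check of the common source parameters in the table above, as an added example that is not part of the LogScale documentation or the Collector itself. It assumes the configuration has already been loaded into a Python dict and that sinks are defined under a top-level sinks key; the source and sink names in the sample are constructed.

```python
# Added example: lint the common source parameters (type, sink, parser).
# Assumption: the config is already loaded into a dict (e.g. from YAML) and
# sinks live under a top-level "sinks" key.
SOURCE_TYPES = {"cmd", "file", "internal", "journald", "syslog",
                "syslog_tls", "unifiedlog", "wineventlog"}


def lint_sources(config):
    """Return (source_name, problem) tuples; an empty list means clean."""
    problems = []
    sinks = config.get("sinks") or {}
    sources = config.get("sources") or {}
    if not sources:
        problems.append(("<config>", "no sources defined"))
    for name, src in sources.items():
        if not isinstance(src, dict):
            problems.append((name, "source must be a mapping"))
            continue
        # 'type' and 'sink' are the two required parameters.
        stype = src.get("type")
        if stype is None:
            problems.append((name, "missing required 'type'"))
        elif not isinstance(stype, str) or stype not in SOURCE_TYPES:
            problems.append((name, f"unknown type {stype!r}"))
        sink = src.get("sink")
        if sink is None:
            problems.append((name, "missing required 'sink'"))
        elif not isinstance(sink, str) or sink not in sinks:
            problems.append((name, f"sink {sink!r} is not a configured sink"))
        # 'parser' is optional, but must be a non-empty string when present.
        if "parser" in src:
            parser = src["parser"]
            if not isinstance(parser, str) or not parser.strip():
                problems.append((name, "'parser' must be a non-empty string"))
    return problems


# Constructed sample config; all names and values are illustrative.
SAMPLE = {
    "sinks": {"my_sink": {}},
    "sources": {
        "var_log": {"type": "file", "sink": "my_sink",
                    "parser": "linux/system-logs:linux-filebeat"},
        "typo_type": {"type": "sys_log", "sink": "my_sink"},
        "orphan": {"type": "journald", "sink": "missing_sink"},
        "no_sink": {"type": "syslog"},
    },
}
```

Running `lint_sources(SAMPLE)` flags the mistyped source type, the source pointing at an undefined sink, and the source with no sink, which are the gaps most likely to leave a log source uncollected.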