Configuration Elements
The Falcon LogScale Collector is configured via
.yaml file either manually on a
local
file or in centralized way via the
Config Editor.
The file is nested and the indention of the file is essential to the correct function of the Falcon LogScale Collector. The first level of the file is as follows, however the elements fleetManagement and datadirectory cannot be used in remote configurations.
| Element | Description | Contents |
|---|---|---|
flags
| Optional configuration flags which allow certain additional behaviors like communication over HTTP. |
See Optional Flags(flags).
|
fleetManagement
| The set of details required of the instance to work with fleet management, see Manage Your Fleet for more on fleet management. This section must not be specified when using remote configuration and can only be used to enroll instance in fleet management without remote configuration management. |
See Fleet Management (fleetManagement).
|
dataDirectory
| Defines the where the Falcon LogScale Collector will create its "database", e.g. database.db file. This path is automatically set when you install the Falcon LogScale Collector. |
The name of the file or path to the folder. See
dataDirectory.
|
sources
| This element allows you to define one or more data sources and a configuration for each data source including a sink for each source. There can only be one sources block per config file. | See Sources & Examples for more information and examples for different source types. |
sinks
|
Defines where the data will be sent and specifications on the
Queue (queue),
memory, compression, proxy configuration
|
See Sinks (sinks). Depending
on the source, a single or multiple sinks may be configured.
|