Falcon LogScale Collector

The Falcon LogScale Collector is the native Falcon LogScale Collector which can be used to collect and send events to a LogScale repository. The LogScale Collector uses LogScale ingest tokens to route data to the relevant repositories.

The current version of Falcon LogScale Collector:

Is available on Linux and Windows
Offers Fleet Management which allows you to centerally manage multiple instances of LogScale Collector
Collects from the following sources:
- Command Sources
- Windows Event Sources
- File Sources
- Linux Sources
- Syslog Sources
- JournalD Sources
@collect.* metadata attached to the events including unique collector ID, hostname, @collect.timestamp etc
Buffers in memory
Sends data to LogScale instance based on ingest token or environment variable
Offers a sub-second ingest lag between a line being written and sent to LogScale (configurable)
Offers network compression which defaults to ON
Supports HTTP(S) proxies.

Refer to the following documentation for more information on the LogScale Collector:

LogScale Collector Releases for more information on releases.
Installing LogScale Collector on Linux for details on how to install on Linux.
Installing LogScale Collector on Windows for details on how to install on Windows.
Configuring LogScale Collector describes how to make changes to the configuration.
LogScale Collector Configuration Elements reference documentation for the configuration file.
Sources and Examples A set of example configuration files and source specific reference.

See the following sections for more information on:

Falcon LogScale Documentation

Introduction and Overview

Reference Information

Knowledge Base

LogScale Notices

Release Notes

LogScale Training

Falcon LogScale Collector

Enter search term