Ingesting FDR Data

Humio can ingest Falcon Data Replicator (FDR) data directly, without having to configure log shippers.

FDR ingest can be used with self-hosted Humio clusters. Cloud customers should contact the support team.

Important

Non-FDR data should not be ingested into an FDR repository.

To configure FDR ingest:

Once the data has been ingested, you can examine the information using Ingesting FDR Data to a Repository.

Getting Insights Out of Your FDR Data

Once you have some FDR data ingested into Humio, you can use the Humio query language and other assorted features to gain deeper insight into your data.

In addition to the FDR parser, the crowdstrike/fdr package contains various queries, dashboards and alerts that can help you get started on getting insights from your FDR data.

Metric

The number of events ingested per feed per repository can be seen in the metric Humio Metrics.