This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

ingest logs that are not supported

Posted on 11-03-2024 05:46 PM
Jay_Tee
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi Experts,

Are we able to ingest logs that are not indicated in the log type?

https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers

 

1 4 243
Topic Labels
4 REPLIES 4

Posted on --/--/---- --:-- AM
dnehoda
Staff
Reply posted on --/--/---- --:-- AM

No you cannot - misspoke on my last post 

0 Likes

Posted on --/--/---- --:-- AM
Jay_Tee
Bronze 3
Bronze 3
In response to dnehoda
Reply posted on --/--/---- --:-- AM

Jay_Tee_0-1730694526650.png

Base on the screenshot, which log type selection should I select?

0 Likes

Posted on --/--/---- --:-- AM
jstoner
Staff
Reply posted on --/--/---- --:-- AM

Every log source needs to be assigned to a log type. By default that log type is then associated with a default parser. That parser can be overridden either through a parser extension or a bespoke parser that a customer/parter crafts. 

if you need a log type that is not listed you can open a ticket and request a new log type to be created. 

Hope this helps!

Posted on --/--/---- --:-- AM
deeshu
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Ingest- yes you can. Use any log_type which you think can match at some extent. This is not advisable approach but you can adopt it if you don't have the time to wait to get the appropriate log_type created from Support, then integrate, and then start creating the custom parser.

Top Solution Authors
View all