WebsiteBlogLogin

Send data to Falcon LogScale

Onum to Falcon LogScale

See the changelog of this Data Sink type here.

Overview

Onum supports integration with Falcon LogScale.

With our Falcon LogScale Data Sink, you can send event data to Falcon LogScale via HTTP or HTTPS. It is an efficient and flexible way to ingest data into Falcon LogScale without the need for intermediary files or complex configurations. Events can be sent in either raw or JSON format.

Falcon LogScale Setup

You'll need to generate an ingest token in your Falcon LogScale instance, which will be required in the Onum setup. Follow these steps to generate the required LogScale ingest token:

1

Access LogScale, access the Repositories and views tab and select the relevant repository.

2

Click Ingest > Settings on the side menu and click Ingest tokens.

3

In the Ingest tokens page, click + Add token to add a token to this repository.

4

In the New token dialog box, enter a Token name to identify the token. You can optionally set an Assigned parser by selecting a parser from the list. For more information on parsers, see this article.

5

Click Save.

Learn more about LogScale ingest tokens in this article.

Onum Setup

1

Access Onum, go to the Data sinks area and click New data sink. Select the Falcon LogScale Data Sink from the list.

2

Enter a Name for the Data Sink. Then, enter your Instance URL (check your required URL in this article) and the Port number. Port 443 is required for the Falcon LogScale connection.

3

Click on the Token field and select New secret. In the window that appears, give your secret a Name and choose if you want to give a Expiration date to your token or not. Then, click Add new value and paste the token that you generated in LogScale (see the Falcon LogScale Setup section above). Click Save when you're done.

Learn more about Secrets in this article.

4

Now, select the token you have just created in the Token field.

5

In the Event format section, choose Raw.

6

Click Finish.

Pipeline configuration

When it comes to using this Data sink in a Pipeline, you must configure the following output parameters. To do it, simply click the Data sink on the canvas and select Configuration.

Output configuration

Parameter
Description

Message*

Select the field to include in the output message. The data type must be string.

Add fields

Optionally, you may include as many Key-Value pairs as required.

Parameter
Description

Field name*

Enter a name for the new field.

Value*

Select the field that contains the value data.

PreviousSend data to CrowdStrike productsNextSend data to Falcon Next-Gen SIEM

Last updated

Was this helpful?