# Send data to Falcon LogScale

{% hint style="info" %}
See the changelog of this Data Sink type [here](https://docs.onum.com/data-sinks/falcon-logscale-data-sink).
{% endhint %}

## Overview

Onum supports integration with Falcon LogScale.

With our **Falcon LogScale** Data Sink, you can send event data to Falcon LogScale via HTTP or HTTPS. It is an efficient and flexible way to ingest data into Falcon LogScale without the need for intermediary files or complex configurations. Events can be sent in either raw or JSON format.

## Falcon LogScale Setup

You'll need to generate an ingest token in your Falcon LogScale instance, which will be required in the Onum setup. Follow these steps to generate the required LogScale ingest token:

{% stepper %}
{% step %}
Access LogScale, access the **Repositories and views** tab and select the relevant repository.
{% endstep %}

{% step %}
Click **Ingest** > **Settings** on the side menu and click **Ingest tokens**.
{% endstep %}

{% step %}
In the **Ingest tokens** page, click **+ Add token** to add a token to this repository.
{% endstep %}

{% step %}
In the **New token** dialog box, enter a **Token name** to identify the token. You can optionally set an **Assigned parser** by selecting a parser from the list. For more information on parsers, see [this article](https://library.humio.com/data-analysis/parsers.html).
{% endstep %}

{% step %}
Click **Save**.
{% endstep %}
{% endstepper %}

{% hint style="info" %}
Learn more about LogScale ingest tokens in [this article](https://library.humio.com/falcon-logscale-cloud/ingesting-data-tokens.html).
{% endhint %}

## Onum Setup

{% stepper %}
{% step %}
Access Onum, go to the **Data sinks** area and click **New data sink**. Select the **Falcon LogScale** Data Sink from the list.
{% endstep %}

{% step %}
Enter a **Name** for the Data Sink. Then, enter your **Instance URL** (check your required URL in [this article](https://library.humio.com/falcon-logscale-cloud/endpoints.html)) and the **Port** number. Port `443` is required for the **Falcon LogScale** connection.
{% endstep %}

{% step %}
Click on the **Token** field and select **New secret**. In the window that appears, give your secret a **Name** and choose if you want to give a **Expiration date** to your token or not. Then, click **Add new value** and paste the token that you generated in LogScale (see the [Falcon LogScale Setup](#falcon-logscale-setup) section above). Click **Save** when you're done.

{% hint style="success" %}
Learn more about Secrets in [this article](/administration/global-settings/organization-settings/secrets-management.md).
{% endhint %}

<figure><picture><source srcset="/files/ZPrkv3iJptZ89Gyv3Y0V" media="(prefers-color-scheme: dark)"><img src="/files/gF2igkkAAjDP5ZCQYDZz" alt=""></picture><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Now, select the token you have just created in the **Token** field.
{% endstep %}

{% step %}
In the **Event format** section, choose either **JSON** or **Raw**.
{% endstep %}

{% step %}
In the **Advanced configuration** settings, add **Bulk** or **Proxy** settings.

For optimal performance, we strongly recommend enabling **Bulk configuration** and enter these settings to significantly improve performance and reduce system load:<br>

* **Event time limit** -  `2`
* **Number of events** -  `1500`
* **Batch size (bytes)** - `5000000`

Depending on your Pipelines ingestion level, you may need to adjust these values to optimize performance and prevent prolonged waiting periods that could contribute to back pressure.

{% hint style="warning" %}
Only enable Bulk configuration after completing Pipeline debugging. If you need to use Debug mode, temporarily disable Bulk configuration, then re-enable it once debugging is complete.
{% endhint %}
{% endstep %}

{% step %}
Click **Finish**.
{% endstep %}
{% endstepper %}

## Pipeline configuration

When it comes to using this Data sink in a [Pipeline](/the-workspace/pipelines.md), you must configure the following output parameters. To do it, simply click the Data sink on the canvas and select **Configuration**.

### Output configuration

<table><thead><tr><th width="169.8515625">Parameter</th><th>Description</th></tr></thead><tbody><tr><td><strong>Message</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Select the field to include in the output message. The data type must be <code>string</code>.</td></tr></tbody></table>

#### Add fields

Optionally, you may include as many Key-Value pairs as required.

<table><thead><tr><th width="169.8515625">Parameter</th><th>Description</th></tr></thead><tbody><tr><td><strong>Field name</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Enter a name for the new field.</td></tr><tr><td><strong>Value</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Select the field that contains the value data. </td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onum.com/the-workspace/data-sinks/data-sink-integrations/send-data-to-crowdstrike-products/send-data-to-falcon-logscale.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.