Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Description

Config Example

Designated for Windows Event Logs.

 Request Json

{name: "qradartrans", type: "transform", configuration: "{\n \"mapping\": {\n \"@timestamp\": {\n \"column\": \"date\"\n },\n \"log.level\": {\n \"column\": \"type\"\n },\n \"message\": {\n \"column\": \"y\"\n },\n \"event.code\": {\n \"column\": \"x\"\n },\n \"event.provider\": {\n \"column\": \"category\"\n },\n \"event.kind\": {\n \"const\": \"event\"\n },\n \"event.created\": {\n \"column\": \"date\"\n }\n }\n}"}

QRadar

The data flow should be defined with the ‘QRadar’ condition, inside the relevant forwarder:

Output: The target receives the logs in LEEF format (a customized event format for QRadar).

  • No labels