HTTP/S

Configuring an HTTP/S Listener Account

To receive data over HTTP/S, configure an HTTP/S Listener account by following these steps:

Step 1: Access the Listener Management Console

  1. Navigate to Manager > Data > Listen to Data in the left panel.

  2. The Listener management console opens.

Step 2: Add a New HTTP/S Listener Account

For each new HTTP/S account, configure the following details:

Basic Configuration

  • Name: Define a unique name for the Listener account.

  • Description: Provide a description for better identification.

  • Listening Node: Specify the node in the cluster that will receive HTTP messages (visible only if an XPLG cluster is deployed).

  • Token: Assign a unique token required for authentication in the request URL. This ensures only authorized devices send data and correctly tags the logs.

  • URL: Specify the URL that devices should use when sending data, including the IP address/hostname, port, path, and token. If using a cluster, the URL is populated upon selecting a Listening Node.

Step 3: Configure Advanced Settings

General Information

  • Enabled: Determine whether the account is active.

Dynamic Log Creation Configuration

(Optional) Configure how logs are created dynamically. Leave settings as default to receive data as is, or use agent configuration to structure log delivery.

  • Parent Folder: Define the folder where logs from this listener will be stored within XPLG.

  • Collection Policy: Assign a collection policy for managing storage and data retention.

  • AppTags: Associate AppTags for data enrichment and categorization.

  • Log Name Prefix: Add a prefix to log names to distinguish logs from multiple listener accounts. Leave empty for no prefix.

  • Split by Source Device: Create separate logs per unique source device based on received messages.

    • Do Not Split: Default setting—stores all incoming data in a single log.

    • Create Log by Unique IP/Host Name: Splits logs based on the source sending the data (Log_Name_Prefix Source_IP/Name).

    • Create Log by IP Mask: Splits logs based on a configured IP mask (Log_Name_Prefix IP_Mask).

  • Message JSON Key: Specifies which JSON field contains the log message. This is necessary when matching a template in XPLG.

  • Split by JSON Columns: Define a list of JSON keys separated by -> to specify log paths and names. Append * to denote the host.

Advanced Dynamic Log Creation Configuration

XPLG can dynamically organize incoming logs based on predefined JSON keys found in log messages:

  • xpologPath: Folder path (-> separated) where logs should be stored.

  • xpologName: Log name in XPLG (appended if another split type is selected).

  • xpologType: Log type; if a matching template exists in XPLG, it will automatically apply it (must be used in conjunction with Message JSON Key).

Step 4: Configure Listener Data Settings

  • Listener Data Location: Define where received data will be stored (default: XPLG data directory).

  • Indexing Node: Select the node responsible for indexing received Syslog messages (only applicable in an XPLG cluster).

  • Indexing Interval: Set the frequency for indexing received Syslog messages.

Step 5: Configure JSON Parsing

  • JSON Parsing Level: Set the maximum depth for extracting JSON data into structured columns.

Step 6: Save and Finalize the Listener Account

Once the configuration is complete, save the Listener account.

Data Processing and Availability

All data received through the HTTP/S Listener account will be stored under the configured parent folder. It will be available for search, reporting, and alerting within XPLG.

 

__________

 

How to send data to XPLG

Clients can send JSON-formatted log data to the designated endpoint, which responds with standard HTTP status codes.

Endpoint URL

https://XPLG_MACHINE_NAME:XPLG_HTTPS_PORT/logeye/api/logger.jsp

Authentication

Each request must include a valid token as a query parameter.

?token=XPLG_LISTENER_TOKEN

Request Format

  • Method: POST

  • Headers:

    • Content-Type: application/json

  • Body (JSON):

{ "message": "Your message to XPLG here" }

Example Request Using curl:
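A request in the format described above, as an added example that is not taken from the XPLG documentation: it builds the documented URL and body, passes the URL to curl on stdin so the token stays out of the process list, and maps the response codes listed below. The function names and the XPLG_HOST, XPLG_PORT and XPLG_TOKEN environment variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the XPLG documentation. Function names and the
# XPLG_HOST / XPLG_PORT / XPLG_TOKEN environment variables are assumptions.

# Endpoint URL in the documented form, with the token as a query parameter.
xplg_url() {
  printf 'https://%s:%s/logeye/api/logger.jsp?token=%s' "$1" "$2" "$3"
}

# Documented {"message": ...} body. Control characters become spaces, and
# backslashes and double quotes are escaped, so the JSON stays valid.
xplg_body() {
  printf '{ "message": "%s" }' \
    "$(printf '%s' "$1" | tr '\000-\037' ' ' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# Map the HTTP status to an outcome, using the codes the page lists.
xplg_outcome() {
  case "$1" in
    200) echo "received" ;;
    400) echo "rejected: invalid request format or missing parameters" ;;
    500) echo "server error" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# POST one message. The URL (and with it the token) reaches curl on stdin
# through --config, so it never appears in curl's argument list.
xplg_send() {
  xplg_code=$(printf 'url = "%s"\n' "$(xplg_url "$XPLG_HOST" "$XPLG_PORT" "$XPLG_TOKEN")" |
    curl --config - --silent --output /dev/null --write-out '%{http_code}' \
      --request POST --header 'Content-Type: application/json' \
      --data "$(xplg_body "$1")") || xplg_code=000
  xplg_outcome "$xplg_code"
  [ "$xplg_code" = 200 ]
}

# Send only when a token is configured and a message was given as argument.
if [ -n "${XPLG_TOKEN:-}" ] && [ "$#" -gt 0 ]; then
  xplg_send "$1"
fi
```
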

Example Response Codes

  • 200 OK - Log message received successfully.

  • 400 Bad Request - Invalid request format or missing parameters.

  • 500 Internal Server Error - Server encountered an error processing the request.

Security Considerations

  • Ensure XPLG_MACHINE_NAME resolves correctly in your network and that the port XPLG_HTTPS_PORT is open to allow traffic to go through.

  • Use a valid authentication token to avoid unauthorized access.

  • Secure communication via HTTPS is highly recommended to protect data in transit.

 

 
