HTTP/S
Configuring an HTTP/S Listener Account
To receive data over HTTP/S, configure an HTTP/S Listener account by following these steps:
Step 1: Access the Listener Management Console
Navigate to Manager > Data > Listen to Data in the left panel. The Listener management console opens.
Step 2: Add a New HTTP/S Listener Account
For each new HTTP/S account, configure the following details:
Basic Configuration
Name: Define a unique name for the Listener account.
Description: Provide a description for better identification.
Listening Node: Specify the node in the cluster that will receive HTTP messages (visible only if an XPLG cluster is deployed).
Token: Assign a unique token required for authentication in the request URL. This ensures only authorized devices send data and correctly tags the logs.
URL: Specify the URL that devices should use when sending data, including the IP address/hostname, port, path, and token. If using a cluster, the URL is populated upon selecting a Listening Node.
Step 3: Configure Advanced Settings
General Information
Enabled: Determine whether the account is active.
Dynamic Log Creation Configuration
(Optional) Configure how logs are created dynamically. Leave settings as default to receive data as is, or use agent configuration to structure log delivery.
Parent Folder: Define the folder where logs from this listener will be stored within XPLG.
Collection Policy: Assign a collection policy for managing storage and data retention.
AppTags: Associate AppTags for data enrichment and categorization.
Log Name Prefix: Add a prefix to log names to distinguish logs from multiple listener accounts. Leave empty for no prefix.
Split by Source Device: Create separate logs per unique source device based on received messages.
Do Not Split: Default setting—stores all incoming data in a single log.
Create Log by Unique IP/Host Name: Splits logs based on the source sending the data (Log_Name_Prefix Source_IP/Name).
Create Log by IP Mask: Splits logs based on a configured IP mask (Log_Name_Prefix IP_Mask).
Message JSON Key: Specifies which JSON field contains the log message. This is necessary when matching a template in XPLG.
Split by JSON Columns: Define a list of JSON keys separated by -> to specify log paths and names. Append * to denote the host.
Advanced Dynamic Log Creation Configuration
XPLG can dynamically organize incoming logs based on predefined JSON keys found in log messages:
xpologPath: Folder path (-> separated) where logs should be stored.
xpologName: Log name in XPLG (appended if another split type is selected).
xpologType: Log type; if a matching template exists in XPLG, it will automatically apply it (must be used in conjunction with Message JSON Key).
Step 4: Configure Listener Data Settings
Listener Data Location: Define where received data will be stored (default: XPLG data directory).
Indexing Node: Select the node responsible for indexing received Syslog messages (only applicable in an XPLG cluster).
Indexing Interval: Set the frequency for indexing received Syslog messages.
Step 5: Configure JSON Parsing
JSON Parsing Level: Set the maximum depth for extracting JSON data into structured columns.
Step 6: Save and Finalize the Listener Account
Once the configuration is complete, save the Listener account.
Data Processing and Availability
All data received through the HTTP/S Listener account will be stored under the configured parent folder. It will be available for search, reporting, and alerting within XPLG.
__________
How to send data to XPLG
Clients can send JSON-formatted log data to the designated endpoint, which responds with standard HTTP status codes.
Endpoint URL
https://XPLG_MACHINE_NAME:XPLG_HTTPS_PORT/logeye/api/logger.jsp
Authentication
Each request must include a valid token as a query parameter.
?token=XPLG_LISTENER_TOKEN
Request Format
Method: POST
Headers:
Content-Type: application/json
Body (JSON):
{
"message": "Your message to XPLG here"
}
Example Request Using curl:
Example Response Codes
200 OK - Log message received successfully.
400 Bad Request - Invalid request format or missing parameters.
500 Internal Server Error - Server encountered an error processing the request.
Security Considerations
Ensure XPLG_MACHINE_NAME resolves correctly in your network and that the port XPLG_HTTPS_PORT is open to allow traffic to go through.
Use a valid authentication token to avoid unauthorized access.
Secure communication via HTTPS is highly recommended to protect data in transit.
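One way to send to the endpoint above while keeping the token out of process listings and client-side logs, as an added example that is not part of the XPLG documentation. The token file path, the XPLG_TOKEN_FILE variable, the function names and the retry policy per status code are assumptions of this example.

```shell
#!/bin/sh
# Added example, not XPLG tooling. Host, port and token file path are placeholders.
XPLG_URL="https://XPLG_MACHINE_NAME:XPLG_HTTPS_PORT/logeye/api/logger.jsp"
TOKEN_FILE="${XPLG_TOKEN_FILE:-/etc/xplg/listener.token}"  # hypothetical path, mode 0600

# Escape text for a JSON string value: backslash, quote, tab, CR, newline.
json_escape() {
  tab=$(printf '\t'); cr=$(printf '\r')
  printf '%s' "$1" |
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e "s/$tab/\\\\t/g" -e "s/$cr/\\\\r/g" |
    awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

# Build the request body in the format the listener expects.
build_body() { printf '{"message": "%s"}' "$(json_escape "$1")"; }

# Hide the token before a URL is written to any log.
redact_url() { printf '%s' "$1" | sed 's/\([?&]token=\)[^&]*/\1REDACTED/'; }

# Map the status codes listed above to a sender decision (the decisions are this example's policy).
classify_status() {
  case "$1" in
    200) echo ok ;;
    400) echo reject ;;   # bad format or missing parameter: fix the sender, do not retry
    500) echo retry ;;    # server-side error: queue the message and retry later
    *)   echo unknown ;;
  esac
}

send_log() {
  token=$(cat "$TOKEN_FILE") || return 2
  # Assumption: the token uses only URL-unreserved characters, so no percent-encoding is needed.
  case "$token" in
    ''|*[!A-Za-z0-9._~-]*) echo "empty token or token needs URL-encoding" >&2; return 2 ;;
  esac
  body=$(build_body "$1")
  # The token is part of the URL, so the URL is passed as curl config on stdin
  # rather than in argv. No --insecure: certificate verification stays on.
  code=$(printf 'url = "%s?token=%s"\n' "$XPLG_URL" "$token" |
    curl --config - --silent --show-error --max-time 10 --output /dev/null \
      --write-out '%{http_code}' --header 'Content-Type: application/json' \
      --data-binary "$body")
  echo "POST $(redact_url "$XPLG_URL?token=$token") -> HTTP $code" >&2
  classify_status "$code"
}

# Usage: sh send_log.sh --send 'message text'
if [ "${1:-}" = "--send" ]; then send_log "${2:-}"; fi
```

Because the token travels in the query string, any proxy or access log between the sender and XPLG that records full URLs will also record it; redact_url covers only the sender's own log line.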