Common Event Format
Configure Common Event Format Log Source with observIQ


Supported Platforms
Source | Windows | Linux | Mac | Kubernetes | Openshift |
---|---|---|---|---|---|
Common Event Format | ✓ | ✓ | ✓ | | |
Configuration
Option | Description |
---|---|
File Path | Specify a single path or multiple paths to read one or many files. You may also use a wildcard (*) to read multiple files within a directory. |
Type | Adds the specified 'Type' as a label to each log message. |
Geographic Location | The geographic location (timezone) to use when parsing logs that contain a timestamp. |
Start At | Choose whether to start reading from the beginning or the end of a file; "end" is the default. |
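
The Geographic Location option matters because a CEF `rt` value written as `MMM dd yyyy HH:mm:ss` carries no zone, so the configured timezone decides where the event lands on a timeline. The following is an added example, not observIQ's plugin code: it parses a CEF record and normalises `rt` to UTC. The sample line, the fixed UTC-4 offset and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
FIELD = r"((?:\\.|[^|\\])*)"            # header field; \| and \\ are escapes
CEF_RE = re.compile("CEF:" + r"\|".join([FIELD] * 7) + r"(?:\|(.*))?$")
# An extension value runs until the next " key=" token, so it may hold spaces.
PAIR_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

def unescape(value):
    """Undo extension escaping: \\n is a newline, \\= and \\\\ are literals."""
    return re.sub(r"\\(.)", lambda m: "\n" if m[1] == "n" else m[1], value)

def event_time(rt, tz):
    """Normalise the CEF `rt` (receipt time) value to UTC."""
    if rt.isdigit():
        # Epoch milliseconds are absolute; the configured zone is not used.
        return datetime.fromtimestamp(int(rt) / 1000, tz=timezone.utc)
    # "MMM dd yyyy HH:mm:ss" has no zone, so the configured one decides.
    local = datetime.strptime(rt, "%b %d %Y %H:%M:%S").replace(tzinfo=tz)
    return local.astimezone(timezone.utc)

def parse_cef(line, tz=timezone.utc):
    """Parse one log line into header fields, extension pairs and UTC time."""
    match = CEF_RE.search(line)         # tolerates a syslog prefix before CEF:
    if match is None:
        raise ValueError("not a complete CEF record")
    *header, extension = match.groups()
    event = dict(zip(HEADER, (re.sub(r"\\(.)", r"\1", f) for f in header)))
    event["extension"] = {k: unescape(v)
                          for k, v in PAIR_RE.findall(extension or "")}
    rt = event["extension"].get("rt")
    event["time_utc"] = event_time(rt, tz) if rt else None
    return event

# Constructed sample: syslog prefix, escaped pipe and equals sign, zone-less rt.
SAMPLE = (r"Sep 19 08:26:10 host CEF:0|ExampleVendor|Gate\|Way|1.0|100|"
          r"Login failed|7|src=192.0.2.10 msg=user\=admin bad password "
          r"rt=Sep 19 2023 08:26:10")

if __name__ == "__main__":
    # The same record under two zone settings lands four hours apart in UTC.
    for tz in (timezone.utc, timezone(timedelta(hours=-4))):
        print(tz, parse_cef(SAMPLE, tz)["time_utc"].isoformat())
```

A source whose zone is set incorrectly shifts every zone-less event by the offset difference, which breaks correlation with logs from other systems; records that carry `rt` as epoch milliseconds are unaffected.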
Log Types
Types |
---|
custom_event_format |
Dashboards
Users can configure dashboards using visualizations. More information can be found on our visualizations and dashboards page.
Advanced
For more information on the advanced configuration capabilities, see our detailed plugin guide here.
Updated 8 months ago