Skip to main content
Solved

FLUENTD Logs Uploaded by forwarder not showing on Chronicle

  • November 19, 2023
  • 1 reply
  • 11 views
Z
Forum|alt.badge.img

Hi All,

I recently tried to do a PoC of chronicle SIEM and after setting up a forwarder to send logs collected by a fluentd aggregator to chronicle, i can't find the logs on Chronicle. I used the steps described here: https://cloud.google.com/chronicle/docs/ingestion/default-parsers/collect-fluentd#configure-fluentd
 
Here's the log output from the forwarder which shows the logs being uploaded. What could i be doing wrong?

 

 

Best answer by lukas-lr

Hi zunni27,

Where in Chronicle are you looking for the logs? Is the data type for selection available in raw log search and have you tried searching there with "." as regex?

1 reply

L
Forum|alt.badge.img+4
  • lukas-lrBronze 2
  • Bronze 2
  • Answer
  • November 21, 2023

Hi zunni27,

Where in Chronicle are you looking for the logs? Is the data type for selection available in raw log search and have you tried searching there with "." as regex?

cmmartin_google
Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.