Hello everyone!
I recently started using Fluent Bit to send DNS logs from Windows Server to Google Chronicle Forwarder which then forwards them to Google Chronicle SIEM.

But I have a doubt.

I'm able to send DNS logs in raw JSON format, using the following configuration:

[INPUT]
    Name              winlog
    Channels          DNS Server
    Interval_Sec      5

[OUTPUT]
    Name              tcp
    Match             *
    Host              IP of Chronicle forwarder
    Port              PORT of Chronicle
    Format            json_lines

However, the logs are sent in raw JSON format and are not parsed into UDM (Chronicle's structured data format).

Should I modify the configuration?

Or is the problem with the SIEM?

Thank you in advance!
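As an added example (not part of the original post), a small Python check of what the Chronicle forwarder actually receives on that TCP port with Format json_lines: it reads the payload line by line, confirms each line is one JSON object, and checks for the keys the Fluent Bit winlog input is assumed to emit (EventID, Channel, Message; confirm against your own output). The sample payload is constructed.

```python
import json

# Keys the Fluent Bit winlog input is assumed to put in every record
# (assumption for this example; verify against a real capture).
WINLOG_KEYS = ("EventID", "Channel", "Message")

# Constructed sample of a json_lines payload as the forwarder would see it:
# one JSON object per line, plus one deliberately truncated line to show
# how a transport-level defect is reported.
SAMPLE_PAYLOAD = "\n".join([
    json.dumps({"EventID": 256, "Channel": "DNS Server", "ComputerName": "dns01",
                "Message": "QUERY_RECEIVED example.test A"}),
    json.dumps({"EventID": 257, "Channel": "DNS Server", "ComputerName": "dns01",
                "Message": "RESPONSE_SUCCESS example.test A"}),
    '{"EventID": 260, "Channel": "DNS Server"',   # truncated: not valid JSON
]) + "\n"


def check_json_lines(payload, channel="DNS Server"):
    """Validate a json_lines payload line by line.

    Returns counts of good records, records missing the expected keys,
    records from a different channel, invalid JSON lines, and a list of
    per-line error descriptions.
    """
    result = {"ok": 0, "missing_keys": 0, "other_channel": 0,
              "invalid_json": 0, "errors": []}
    for lineno, line in enumerate(payload.splitlines(), start=1):
        if not line.strip():
            continue  # json_lines output ends with a trailing newline
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            result["invalid_json"] += 1
            result["errors"].append(f"line {lineno}: {exc.msg}")
            continue
        missing = [k for k in WINLOG_KEYS if k not in record]
        if missing:
            result["missing_keys"] += 1
            result["errors"].append(f"line {lineno}: missing {missing}")
            continue
        if record["Channel"] != channel:
            result["other_channel"] += 1
            continue
        result["ok"] += 1
    return result


if __name__ == "__main__":
    print(check_json_lines(SAMPLE_PAYLOAD))
```

If every line passes this check, the transport side is fine and the question of UDM normalization lies with the parser configured for the log type in Chronicle.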

Hi,


I am not sure if by DNS logs, you mean WINDOWS_DNS logs. If that is the case, we support JSON format. You can read more details in our doc:


https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers


If they are in JSON format and our parser supports the format, then please open a support case, so we can take a closer look.


Thanks!