Hi
I have couple of questions relating to ingestion API
1) if logs are send via Ingestion API if connection breaks does data get lost during that time period or is it saved anywhere
2) assuming i am planning to send Meraki logs (unstructured) to chronicle via Ingestion APi, what are the steps that i should follow (if there is any article or blog would help a lot).
3) Which mechanism is better using forwarder or ingestion API, how do we determine ?
Hello,
I believe your data would be lost if you don't have some type of mechanism that knows your connectivity has failed and then would retry.
Please check out this here
https://cloud.google.com/chronicle/docs/reference/ingestion-api
Both Forwarder and Ingestion API give you great options or you could also use Bindplane agents.
As for what is best, without knowing anything about your infrastructure and potential costs associated, we cannot give you any specifics. The Ingestion API does allow you to send data in UDM format which is a great advantage to the other solutions. That's a tough question to answer with very little knowledge of how your network looks.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.