Hi,
I have installed Logstash in few of my servers and trying to send the raw logs to my Google SecOps platform (legacy version). My Google SecOps is a google-managed one.
I have shared the Integration API Key from Google SecOps with my application team who is setting up the Logstash in the servers.
They are stuck with authentication issue in the logstash pipeline when they tried to send the data via Google SecOps Ingestion API.
I would like to understand how logstash will be connected with Google SecOps. I couldnt find any official documentation to follow the setup as well.
Thanks.
Question
Sending logs to Google Secops (legacy version) using Logstash
+9- Bronze 3
Perhaps switch to using bindplane?
Bindplane is relatively simple to use, especially if you use the cloud console.
+10There is no native output for Logstash to send to SecOps. Your options are:
- Webhook - In SecOps you can create a webhook for each data type. You should be able to use this with the HTTP output of Logstash
- Place a Bindplane Agent after Logtash - This would use the TCP output of Logtash to send to the Bindplane Agent, which would then send to our ingestion API. This will likely perform the best as Bindplane can do things like batching, versus a webhook where each message is a POST.
-mike
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.