For those who missed our live session—or for anyone who needs a refresher—the recording of our recent webinar, "The Forwarder Deprecation and How to Use Open Telemetry Collectors and Bindplane," is now available.
This is a critical update for all Google SecOps users. As we begin the process of deprecating the legacy forwarder (full timeline below), we are moving to a more powerful, flexible, and centralized way to manage your data ingestion using Open Telemetry collectors and the Bindplane management platform.
A huge thank you to our expert speakers for guiding us through this transition:
-
Utsav Lathia (Product Manager)
-
James Brodsky (Head of Global Security Solution Architects)
-
Craig Lee (Principal Partner Engineer, Bindplane)
📝 What You'll Learn in This Webinar
This one-hour session is packed with essential information and a live demo. Here’s a high-level summary of what you can expect to see:
-
Understanding the Deprecation: We cover the why behind this change and, most importantly, the official deprecation timeline.
-
Jan 1, 2027: Legacy forwarder is End of Life (EOL).
-
April 1, 2027: Legacy forwarder data ingestion will be turned off.
-
-
Introduction to Bindplane: Learn how Bindplane uses the open-source Open Telemetry (Otel) standard to provide a single, manageable agent for all your platforms (Linux, Windows, Mac) and data sources.
-
Key Advantages & Parity: We discuss how the new solution provides parity for old forwarder functions (like database collection and Splunk integration) while adding powerful new capabilities, including support for over 100 data sources and multiple destinations.
-
Step-by-Step Live Demo: Starting at, Craig Lee provides a live demonstration of the Bindplane platform, including:
-
Installing a new Open Telemetry agent.
-
Building a basic configuration for Windows Events.
-
Using the SecOps Standardization Processor (a best practice!) to add UDM fields like
log_type,namespace, and ingestion labels. -
Building an advanced "forwarder replacement" configuration to accept remote syslog from multiple sources.
-
Using advanced processors to redact sensitive data (like IP addresses) and filter low-severity logs at the source.
-
See the attached slide deck and follow along while you watch the recorded livestream!
❓ Audience Q&A
The last 15-20 minutes of the webinar were dedicated to answering your excellent questions. We covered topics such as:
-
Best practices for MSSPs managing multiple tenants.
-
Feature differences between the Google Edition and Enterprise Google Edition licenses.
-
How to handle Splunk integration (using HEC vs. the Heavy Forwarder).
-
Recommendations for remote collection (gateway) vs. local agents.
-
Using Bindplane for custom file log ingestion.
-
...and many more.
See the answers to these questions in the response to this post.
Continue the Conversation
As always, this community is the best place to get answers. If you have any follow-up questions after watching the recording, please post them in the comments below!
We'll be monitoring this thread to help you get the information you need for a smooth migration.
Thanks for being a part of the community!