Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Edge Processor - Alpha version
- Loading branch information
1 parent
51e4a1b
commit 16b144d
Showing
6 changed files
with
90 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# Edge Processor integration guide (Experimental) | ||
|
||
## Intro | ||
|
||
`Edge Processor` can be used on that usecases: | ||
|
||
* Enrich log message extra data (for example add some field or override index) using `SPL2` | ||
* Filter log message using `SPL2` | ||
* Send log messages to alternative destanations (like `AWS S3`, `Apache Kafka`, etc.) | ||
|
||
## How it's working | ||
|
||
```mermaid | ||
stateDiagram | ||
direction LR | ||
SC4S: SC4S | ||
EP: Edge Processor | ||
Dest: Another destination | ||
Device: Your device | ||
S3: AWS S3 | ||
Instance: Instance | ||
Pipeline: Pipeline with SPL2 | ||
Device --> SC4S: Syslog protocol | ||
SC4S --> EP: HEC | ||
state EP { | ||
direction LR | ||
Instance --> Pipeline | ||
} | ||
EP --> Splunk | ||
EP --> S3 | ||
EP --> Dest | ||
``` | ||
|
||
## Basic Setup | ||
|
||
1. Use IP of EP instance as HEC URL | ||
2. Use token from EP Global Settings | ||
3. Use EP API format: t_edge_hec | ||
|
||
### Docker: | ||
|
||
Update `env_file`: | ||
``` | ||
SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=http://x.x.x.x:8088 | ||
SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=secret | ||
SC4S_HEC_TEMPLATE=t_edge_hec | ||
``` | ||
|
||
### Kubernetes: | ||
|
||
Update `values.yaml`: | ||
``` | ||
splunk: | ||
hec_url: "http://x.x.x.x:8088" | ||
hec_token: "secret" | ||
hec_template: "t_edge_hec" | ||
``` | ||
|
||
## TLS | ||
|
||
Coming soon... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters