Specify the logs that you want to forward based on log type and attributes.
When you're first setting up log forwarding to a Syslog, HTTPS, or email server, you must specify which logs to forward by using log filters. Log filters use the same query language as Explore, so you can finely select which logs Cortex Data Lake will forward to the destination of your choice.
Start creating a Syslog or email forwarding profile.
Under Filters, select Add.
Select a log type.
Enter a query that describes the type of logs you want to forward, or select one of the predefined filters.
A green check mark indicates that the query is valid, and pressing Enter or clicking the arrow should generate results that match the query. A red X means that the query is invalid and you will be unable to submit it.
(Optional) Customize how the field columns appear.
Hover over any column header and select the hamburger icon to choose the columns that you want to see.
Hiding a column hides the corresponding field in the Syslog message of the logs forwarded through the filter.
Change column order by clicking anywhere on a column header and dragging to the left or right.
Rearranging columns changes the order of the fields in the Syslog message of the logs forwarded through the filter. For example, if you move RULE to the left of APPLICATION, the Rule field will appear before the Application field in the Syslog message.
Change column width by clicking in between column headers and dragging to the left or right.