Activate the CSV Collector

Activating the broker VM with a CSV Collector applet enables you to monitor and collect CSV log files from a shared Windows directory to your log repository.
Ingesting logs and data from external sources requires a Cortex XDR Pro per TB license.
The broker VM provides a CSV Collector applet that enables you to monitor and collect CSV (comma-separated values) log files from a shared Windows directory directly to your log repository for query and visualization purposes. After you activate the CSV Collector applet on a broker VM in your network, you can ingest CSV files as datasets by defining the list of folders mounted to the broker VM and setting the list of CSV files to monitor and upload to Cortex XDR using a username and password.
Be sure you do the following tasks before you begin setting up the CSV Collector applet.
  • Ensure that you share the applicable CSV files.
  • Know the complete file path for the Windows directory.
Activate the CSV Collector.
  1. In Cortex XDR, select Settings → Configurations → Broker VM and locate your broker VM.
  2. Right-click the broker VM and select CSV Collector → Activate.
  3. Configure your CSV Collector by defining the list of folders mounted to the broker VM and specifying the list of CSV files to monitor and upload to Cortex XDR. You must also specify a username and password.
    1. Mounted Folders
      • FOLDER PATH—Specify the complete file path to the Windows directory containing the shared CSV files using the format //host/<folder_path>. For example, //testenv1pc10/CSVFiles.
      • USERNAME—Specify the username for accessing the Windows directory.
      • PASSWORD—Specify the password for accessing the Windows directory.
      After you configure the mounted folder details, Add the details to the applet.
    2. Monitored CSV Files
      • FOLDER PATH+NAME—Select the monitored Windows directory and specify the name of the CSV file. You can run a wildcard file search by using these characters in the directory name, the CSV file name, and Path Exclusion.
        - ?—Matches a single character, such as 202?-report.csv.
        - *—Matches either multiple characters, such as 2021-report*.csv, or all CSV files with *.csv.
        - **—Searches all directories and subdirectories.
        For example, if you want to include all the CSV files in the directory and any subdirectories, use the syntax //host/<folder_path>/**/*.csv.
        When you implement a wildcard file search, ensure that the CSV files share the same columns and header rows as all other logs that are collected from the CSV files to create a single dataset.
      • PATH EXCLUSION—(Optional) Specify the complete file path for any files from the Windows directory that you do not want included. The same wildcard file search characters are allowed in this field as explained above for the FOLDER PATH+NAME field. For example, if you want to exclude any CSV file prefixed with 'exclude_' in the directory and subdirectories of //host/<folder_path>, use the syntax //host/<folder_path>/**/exclude_*.csv.
      • TAGS—(Optional) To easily query the CSV data in the database, you can add a tag to the collected CSV data. This tag is appended to the data using the format <data>_<tag>.
      • TARGET DATASET
        —Either select the target dataset for the CSV data or create a new dataset by specifying the name for the new dataset.
  4. Activate the CSV Collector applet.
    After a successful activation, the Apps field displays CSV Collector - Active.
    The CSV Collector checks for new CSV files every 10 minutes.
  5. (Optional) To view metrics about the CSV Collector, hover over the CSV Collector link in the Apps field.
    Cortex XDR displays Resources, including the amount of CPU, Memory, and Disk space the applet is using.
  6. Manage the CSV Collector.
    After you activate the CSV Collector, you can make additional changes as needed. To modify a configuration, right-click your broker VM and select:
    • CSV Collector → Configure to redefine the CSV Collector configurations.
    • CSV Collector → Deactivate to disable the CSV Collector.
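
The FOLDER PATH+NAME and PATH EXCLUSION patterns from step 3 can be previewed against a file listing before the applet is activated. The following Python is an added example, not Cortex XDR or Palo Alto Networks code: it approximates the wildcard matching described above and groups the selected files by header row, so files that would violate the single-dataset requirement stand out. Assumptions: `*` and `?` stay within one path segment and `**/` spans zero or more directories (the page does not state this); the function names and the sample file names and contents are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Assumed semantics (not stated on the page): '?' is one character and '*' any
# run of characters inside one path segment; '**/' spans zero or more directories.
TOKENS = [("**/", r"(?:[^/]+/)*"), ("**", r".*"),
          ("*", r"[^/]*"), ("?", r"[^/]")]


def wildcard_to_regex(pattern):
    """Translate a pattern using ?, * and ** into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        for token, regex in TOKENS:
            if pattern.startswith(token, i):
                out.append(regex)
                i += len(token)
                break
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")


def preview(files, include, exclude=None):
    """Return (selected paths, {header row: [paths]}) for a path -> CSV text map."""
    inc = wildcard_to_regex(include)
    exc = wildcard_to_regex(exclude) if exclude else None
    selected = sorted(p for p in files
                      if inc.match(p) and not (exc and exc.match(p)))
    by_header = defaultdict(list)
    for path in selected:
        header = tuple(next(csv.reader(io.StringIO(files[path])), []))
        by_header[header].append(path)
    return selected, dict(by_header)


# Constructed sample listing; only the share path comes from the page's example.
SHARE = "//testenv1pc10/CSVFiles"
SAMPLE = {
    f"{SHARE}/2021-report.csv": "time,user,action\n2021-03-01T10:00Z,alice,login\n",
    f"{SHARE}/archive/2020-report.csv": "time,user,action\n2020-07-09T08:30Z,bob,logout\n",
    f"{SHARE}/archive/exclude_old.csv": "time,user\n2019-01-01T00:00Z,carol\n",
    f"{SHARE}/hr/badge.csv": "timestamp,badge_id,door\n2021-03-01T09:58Z,4471,lobby\n",
    f"{SHARE}/notes.txt": "not a csv\n",
}
```

Calling `preview(SAMPLE, f"{SHARE}/**/*.csv", f"{SHARE}/**/exclude_*.csv")` returns three files in two header groups; more than one group means the pattern mixes schemas and should be narrowed or split across target datasets.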
