feature(#16369): Add chronicle udm events sink #22155
base: master
Conversation
Approving for docs/tutorials/sinks/1_basic_sink.md.
Hey @pront, I just raised the PR because I like the GitHub diff, I'm still testing the change and the integration tests on this branch don't work yet.
Sounds good @ChocPanda 👍
Feel free to ping me when you want a code review!
…Chronicle restructure gcp chronicle sinks to share code where possible
…le udm events and chronicle unstructured r
Hey @pront, I've tested this manually and have the integration tests working.
This PR includes the changes in #22033.
Summary
Add a new Google Chronicle log sink for UDM events. The log sink acts as a client for the Google Chronicle udmevents ingestion API, forwarding UDM data in JSON format. It is assumed that the events will already be compliant with the Google Chronicle UDM format.
How did you test this PR?
Added new integration tests
Tested manually against a live Google Chronicle deployment
Checklist
If this PR modifies Cargo.lock, please run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any).
References
#16369