Skip to main content
Skip table of contents

Initialize the Prisma Cloud Beat


  • Open Collector is installed. If you have not already installed it, follow the instructions in the Open Collector Installation and User Guide, and then return to this topic.
  • API URL (These are specific to audit and alert logs, and the version of these APIs depends on the users. For example,
  • Prisma Cloud Access Key ID (User-provided).
  • Prisma Cloud Secret Key (User-provided).
  • The following port is open:






Initialize the Beat 

  1. Confirm Open Collector is running:

    ./lrctl status

    You should see the open_collector and metrics versions:

    If Open Collector is not running correctly, see Troubleshoot the Open Collector in the Open Collector Installation and User Guide.

  2. Start the beat:

    ./lrctl prismacloudbeat start
  3. Select New prismacloudbeat instance from the list and press Enter.

  4. Enter a unique identifier for this Prisma Cloud Beat instance and press Enter.

  5. Enter the Prisma Cloud Audit API URL and press Enter.

    Create a new Prisma Cloud Beat instance with the Alert API URL to collect Prisma Cloud CSPM Alert logs simultaneously.

  6. Enter the Prisma Cloud Client ID (the Access Key ID obtained in the Configure Prisma Cloud topic), and press Enter.
  7. Enter the Prisma Cloud Client Secret (the Secret Key obtained in the Configure Prisma Cloud topic), and press Enter.

    For security purposes, the Client ID and Client Secret are stored in an encrypted format.

    The prismacloudbeat service started message appears.

  8. Check the status of the service by entering the following command:

    ./lrctl prismacloudbeat status

    Currently, the Prisma Cloud Beat doesn't support log parsing. All collected logs appear under the "Logrhythm - Open Collector" log source.

For commands to inspect or edit a configuration, see the configuration information in Open Collector Installation Tips.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.