Skip to main content
Skip table of contents

Working with the Generic Beat

Start and Monitor the Beat

When the beat configuration is saved, the beat is also started. To monitor the beat, run the following command:

CODE 
./lrctl genericbeat logs

Modify the Generic Beat Configuration File

To change the credentials for the configuration file:

  1. Run the following command:

    CODE 
    ./lrctl genericbeat config edit
  2. Modify the configuration as desired.

  3. Once required fields have been added, restart the beat with the following command:

    CODE 
    ./lrctl genericbeat restart

Upgrade the Beat

To upgrade the Generic Beat to the latest version, run the following command:

CODE 
./lrctl genericbeat restart

This will automatically apply migration to the Generic Beat.

Default Configuration for the Generic Beat

The following table displays the default configuration values for the fields in the Generic Beat.

S.NOField NameDefault Value
1heartbeatinterval60s
2heartbeatdisabledfalse
3http_timeout

120s

The amount of time, in seconds, before an HTTP connection timeout. This value should not be less than or equal to zero.

4logsource_name

USER_DEFINED

The log source name with which the Generic Beat instance should be configured. For example, proofpoint.

5url

USER_DEFINED

The endpoint URL from which logs are fetched.

6auth_type

basic

Authentication type supported by the API. Below are the macros for the authentication types:

Basic authentication: basic

Header based authentication: tokenauth

OAuth: oauth

No authentication: noauth

7request_methodGET and POST
8basic_auth->username

USER_DEFINED

9basic_auth->passwordUSER_DEFINED
10token_auth->auth_headerUSER_DEFINED
11token_auth->auth_tokenUSER_DEFINED
12oauth20_auth->methodPOST
13oauth20_auth->content_typeapplication/x-www-form-urlencoded
14oauth20_auth->bodyUSER_DEFINED
15oauth20_auth->body_paramUSER_DEFINED
16oauth20_auth->auth_header_fieldUSER_DEFINED
17oauth20_auth->auth_append_fieldUSER_DEFINED
18oauth20_auth->headersUSER_DEFINED
19oauth20_auth->paramsUSER_DEFINED
20oauth20_auth->access_token_formatjsonkey
21oauth20_auth->isRefershTokenSupportedfalse
22oauth20_auth->access_token_fieldaccess_token
23oauth20_auth->urlUSER_DEFINED
24pagination_typelimitoffset
25pagination->limit_offset->limit_fieldUSER_DEFINED
26pagination->limit_offset->limit_value1000
27pagination->limit_offset->offset_fieldUSER_DEFINED
28pagination->page_based->pagesize_fieldUSER_DEFINED
29pagination->page_based->pagesize_value1000
30pagination->page_based->pagenumber_fieldUSER_DEFINED
31pagination->cursor_based->cursor_typeurl
32pagination->cursor_based->cursor_locationheader
33pagination->cursor_based->cursor_query_paramUSER_DEFINED
34pagination->cursor_based->cursor_header_type

link


35pagination->cursor_based->cursor_header_field

USER_DEFINED

The cursor header field is the header field name in which the auth token appears in the response.

36sorting_enabled

false

Change to "true" if your API supports sorting.

37sorting->sorting_field

USER_DEFINED

Sorting field name in which the API expects the sorting value.

38sorting->sorting_value

USER_DEFINED

Sorting value string that the API supports. For example, asc.

39filter_type

startend

Filter types are the different date range-supported filters that the API supports. Below are the macros for the filter types:

Between start and end date: startend

After any specific date: afterstart

Within an interval: interval

No filter: nofilter


40filter->delay_time

0s

If the API supports any delay in real time data, then add that delay here in seconds. For example, 2s.

41filter->start_and_end_filter->start_field

USER_DEFINED

Field name in which the API expects the start time.

42filter->start_and_end_filter->start_value

USER_DEFINED

The start date value from which logs should be fetched.

43filter->start_and_end_filter->end_value

USER_DEFINED

The end date value through which logs should be fetched.

44filter->start_and_end_filter->end_field

USER_DEFINED

Field name in which the API expects the end time.

45filter->after_start_filter->start_field

USER_DEFINED

Field name in which the API expects the start time.

46filter->after_start_filter->start_value

USER_DEFINED

The start date value from which logs should be fetched.

47filter->after_start_filter->response_date_field

USER_DEFINED

The date field to parse from the response body to fetch the next start date for fetching the next set of records.

48filter->interval_filter->interval_field

USER_DEFINED

The field name in which the API expects the date fields. For example, interval.

49filter->interval_filter->interval_value

USER_DEFINED

The interval value consists of the start time and end time string, separated by a delimiter (split char). Start time and end time are used to send the first request on the server. For example, 2021-10-08T00:00:00.000Z/2021-10-08T01:00:00.000Z.

50filter->interval_filter->split_char

USER_DEFINED

The delimiter (split character) between the start and end date in the interval. For example, in the interval string 2021-10-08T00:00:00.000Z/2021-10-08T01:00:00.000Z, the split char is /.

51filter->time_format

Monday, 02-Jan-06 15:04:05 MST

The time format that the API supports.

52headers

empty structure

Response headers to send in the request.

53params

empty structure

Request query parameters to send in the request.

54response_field_flag

true

Set to true to parse any specific field from response body.

55response_field

USER_DEFINED

The field to extract the relevant data from the response body. If a field is not present in the response, then entire response will be forwarded to Open Collector.

56period

30s

The interval at which back-to-back requests will be sent to pull the logs from server.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close