Collectors
Administrator permissions are required to access this feature.
A collector is a single point of integration with an application or cloud provider. One collector can retrieve log data from multiple types of log sources. For example, if you have the Microsoft 365 platform, you can create an MS Graph API Collector to retrieve all the logs. Administrators can add or update the credentials for all the log sources associated with a collector. Onboarding new log sources is also quicker and easier.
View Collectors
- In the lower-left corner of the main screen, click the Administration cog.
The Administration menu appears on the left side. Under Integrations, click Collectors.
By default, the list of active collectors appears in alphabetical order. The table shows the following information for each collector:Column Description Collector Name The name of the collector with a link to its profile page. Collector Type The Collector Type the collector is assigned. Log Sources The number of log sources associated with the collector. Status An indicator on the collector's connection status. Last Log Message The date and time of the last log message received. For information on filtering columns in the table, see Filters.
- To view the list of retired collectors, click the Retired tab.
Available Actions on the Collectors Page
| What do you want to do? | How do you do it? |
|---|---|
| Active Collectors Tab | |
Add a new collector. For more information, see Add a Collector. | In the upper right corner, click + Add Collector. |
| View a collector's configuration details. | In the Collector Name column, click the collector name. |
| Edit a collector's details. | To the left of the collector name, click the three-dot menu, and then click Edit. |
Retire a collector. Retiring a collector also retires all log sources associated with that collector. | To the left of the collector name, click the three-dot menu, and then click Retire. |
Add a new log source. For more information, see Add a Log Source to an Active Collector. | To the left of the collector name, click the three-dot menu, and then click Add Log Source. |
| Run a search on a collector. | To the left of the collector name, click the three-dot menu, and then click Run Search. |
| View the log sources associated with a collector. | In the Log Sources column, click the number. |
| Retired Collectors Tab | |
Activate a retired collector. Activating a collector also activates all log sources associated with that collector. | To the left of the collector name, click the three-dot menu, and then click Activate. |
