Only Global and Restricted Admins can use this feature.
You must initialize the Long-Running LRCTL service to work with Open Collectors and Beats in the Web Console. For instructions on how to initialize the service, see Configure Open Collector Connection to the SIEM.
The Open Collector grid allows users to view and manage all auto-provisioned and registered LRCTL Open Collector records from the Web Console.
To access the Open Collector grid:
On the top navigation bar, click the Administration icon, and then click Log Collection.
The Log Sources page appears.
On the left side, click Open Collectors.
View Active and Retired Open Collectors
By default, the grid displays active Open Collectors. To view retired Open Collectors, click the Show Retired check box in the upper-right corner of the page.
The following columns are visible in the Open Collector grid. Clicking any column header sorts the grid by that column.
The name of the Open Collector.
The host for the Open Collector.
The IP address of the Open Collector.
The Entity assigned to the Open Collector.
Displays a count of active Beats associated with the Open Collector.
Indicates whether the Open Collector is Active or Retired.
Indicates the date and time of the most recent heartbeat received for the Open Collector.
Filter the Grid
Each column can be filtered using the filter options below the column name. There are three filter types in the Open Collector grid:
Type in the field to only display results in the column that contain the entered text.
Select one of the available options from the drop-list to only display results that match the selection.
Use the date picker to display the last heartbeat that was received on or after the date chosen.
To retire or activate multiple Open Collectors at one time, select them by clicking the check boxes in the Check All column.