li-stream-tcp-syslogs
Pipeline: li-stream-tcp-syslogs
@c:new-block
    --> @rn:read-stream
            name = 'syslog-tcp-stream-01' &
            group = 'tcp_syslog_raw_events' &
            batch_count = '500' &
            batch_wait_time = '2'
    --> @dm:add-missing-columns
            columns="rda_gw_client_ip,syslog_severity" &
            value="None"
    --> @dm:enrich-using-rule-dict
            dict = "petclinic-env-dict" &
            rule_column = "rule" &
            enrich_columns = "env"
    --> @dm:eval
            syslog_severity = "syslog_severity.upper()"
    --> @rn:write-stream
            name = "tcp-syslog-events"
    --> @rn:write-stats-to-stream
            name = "log-intel-stats" &
            groupby = "env,syslog_severity" &
            type = "syslog-tcp" &
            mode = "input"
Extensions used in this Pipeline
| Source Name | Extension Type |
|---|---|
| rn | rn |
Artifacts used in this Pipeline
| Artifact Type | Artifact Name | Access |
|---|---|---|
| rda-network-stream | syslog-tcp-stream-01 | read |
| dataset | petclinic-env-dict | read |
| rda-network-stream | tcp-syslog-events | write |
| rda-network-stream | log-intel-stats | write |
Bots used in this Pipeline
@c:new-block @rn:read-stream @dm:add-missing-columns @dm:enrich-using-rule-dict @dm:eval @rn:write-stream @rn:write-stats-to-stream