Create a log source configuration

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read

    • Regulate and set filters on the logs to be forwarded by creating a log source configuration.

    Before you begin

    Role required: admin or sn_logstoanalytics.admin

    Procedure

    1. Navigate to All > Log Export Service (LES) > Sources.
      A list of log sources shows up.
    2. Select New if you want to create a new log source.
      You can also select an existing log source if you want to modify it.
      The Source form shows up.
    3. On the form, fill up the fields.
      Table 1. Source form
      Fields Description
      Source Type Types of log sources
      • Node Log
      • Table
      See Log sources for more information.
      Table Selection of table for table type logs.
      Note:
      This field is visible only when you select Table as the Source Type.
      Log Level A set of standard logging levels that can be used to control logging output.
      You have the following log level to select from:
      • INFO
      • WARN
      • ERROR
      Note:
      Following convention, each level will forward logs of equal or greater severity. For example, if you select WARN as the log level, it forwards both WARN and ERROR logs but not INFO logs.
      Note:
      This field is visible only when one of the following conditions is met.
      • When you select Node Log as the Source Type
      • When you select Table as the Source Type and the table is syslog
      Accepts Specifies the format in which the logs are forwarded to Hermes. They can either be sent as JSON or as plain text.

      Topic
      Select or create a topic for the source type and table type.
      Note:
      This field is visible only when one of the following conditions is met.
      • When you select Node Log as the Source Type
      • When you choose Table as the Source Type and then select any table other than syslog
        Note:
        If you choose sys_audit as the Table and Log Table as Filter Type, the Topic field doesn't show up.
      If you are creating a new topic, fill up the following fields.
      • Name: Name of the topic you are creating
      • Application ID: Enter sn_logstoanalytics
      • Namespace: Enter Default Namespace
      • Partition: The partition field of a topic in Hermes refers to the partitions into which the topic's data is divided. It plays a key role in scalability and parallelism
      See Create source type and multi topics in the LES source table for more information.
      Filter Type Conditions to forward logs selectively.
      Note:
      This field is visible only if you select sys_audit as the table.

      Active

      Option to activate the new source type.
    4. Select Submit to save the new log source.
      The list of log sources shows up.
    5. Select the log source you just created.
    6. Review the information in the Source Topics related list for the log sources and add filters accordingly.
      You can also create a new filter type and assign it to an existing or a new topic by selecting New. Proceed with the next step to create a filter type.
      Note:
      The Source Topics related list shows up only if one of the following conditions are fulfilled:
      • If you choose syslog as the table and submit the source configurations.
      • If you select sys_audit as the table and select Log Table in the Filter Type field.

      If you have selected sys_audit as the Table, information regarding only Log Table and Topic is displayed in the Source Topics related list. You can view filter information only when you select syslog as Table.

      Note:
      By default, you can create only upto ten filter types. If you need to change the number of filter types, you can add the glide.log.forwarding.syslog.topics.limit property and modify the default value associated with it.
    7. Create a filter type and assign it to a topic.
      1. Select New to create a new filter type. The Source Topics form shows up.
      2. Select one of the following Filter Type options.
        • All
        • Application Family
        • Package
        • Scope
        Note:
        This field is visible only when you select syslog as the table.
      3. Select the required table in the Log Table field.
        Note:
        This field is visible only when you select sys_audit as the table.
      4. Select the lookup icon in the Topic field.
        Note:
        You can select an existing Kafka topic from the list. You can also create a new Kafka topic by selecting New in the Kafka Topics list. See Create source type and multi topics in the LES source table to create a new Kafka topic.
      5. Select Submit on the Source Topics form.
    8. View the recently created log table and its corresponding topic in the Source Topics related list.