We have 3 homegown applications which currently do not produce logs apparently of any kind. We are being required to have these applications produce logs to feed into R7. What I do not know as I’ve never dealt with this is what is the minimum requirements or log types I need to ask the application teams to produce which can then be ingested in to R7. The applications are financial types.
Hi @bknoff1, I can recommend the following two URLs Custom Parsing Rules and Custom Logs.
There are different ways for this to work, but the easierst will probably be to create a JSON log. Beside of that, only the information you need in IDR is neccasserry in the log. If you need to correlate the information with a user/computer, add the name/e-mail-address/ip/hostname to the logs as well.
Thank you Robert.