Configure inputs for the Splunk Add-on for Box

As part of v3.5.0 of the Splunk Add-on for Box, a new input named "Live Monitoring Inputs" has been introduced. The existing input has been renamed to "Historical Querying Inputs".

Comparison between Historical Querying Inputs and Live Monitoring Inputs

All the older functionalities from "Historical Querying Inputs" remain the same and would work as expected in "Live Monitoring Inputs".

For the events endpoint, Historical Querying Inputs collect data through the admin_logs API, and Live Monitoring Inputs collect data through the admin_logs_streaming API.

Historical Querying Input can collect Events data starting from the past 1 year and continue data collection for the current time based on the user-defined interval. The Live Monitoring Input can collect data starting from the past 2 weeks and then continue data collection for the current time based on the user-defined interval.

The admin_logs_streaming API, which is supported using Live Monitoring Input, has certain advantages and disadvantages with respect to the admin_logs API. Depending on the use case, it is recommended to use the most relevant input. The major benefit of the new API is consistent and reduced latency, which may bring events into Splunk earlier. More details regarding this can be found in the Box Documentation.

The data collected using either of these inputs for the events endpoint is collected under the box:events sourcetype and can be differentiated using the source field.

Please refer to Configure Historical Querying Inputs for the Splunk Add-on for Box for steps for configuring historical querying inputs. Please refer to Configure Live Monitoring Inputs for the Splunk Add-on for Box for steps for configuring live monitoring inputs.

Points to consider when migrating from admin_logs to admin_logs_streaming API:

- The user needs to disable the existing input of Historical Querying Input and create a new input of Live Monitoring Input type.
- There are chances of getting some duplicated events in "Live Monitoring Input". Since the new API would start bringing in data from the past 2 weeks, if the data has already been collected using an older API, it would get duplicated.
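The migration note says events from the two weeks before the Live Monitoring Input is created can arrive twice. The following is an added example, not part of the add-on or of the original page, that finds those duplicates in an export of box:events data. It assumes each event carries Box's `event_id` and an ISO 8601 `created_at`; the source names and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

LIVE_LOOKBACK = timedelta(weeks=2)  # per the page: the live input starts 2 weeks back

def overlap_window(live_input_created):
    """Time range that both inputs may have collected."""
    return live_input_created - LIVE_LOOKBACK, live_input_created

def dedupe_events(events, live_input_created):
    """Keep the first copy of each event_id and report the dropped copies.

    Returns (unique_events, duplicates); each duplicate is a tuple of
    (event_id, kept_source, dropped_source, created_inside_overlap_window).
    """
    start, end = overlap_window(live_input_created)
    first_seen = {}
    duplicates = []
    for ev in events:
        kept = first_seen.setdefault(ev["event_id"], ev)
        if kept is ev:
            continue  # first time this event_id is seen
        created = datetime.fromisoformat(ev["created_at"])
        duplicates.append(
            (ev["event_id"], kept["source"], ev["source"], start <= created <= end)
        )
    return list(first_seen.values()), duplicates

# Constructed sample data. Source names are hypothetical; event_id and
# created_at are assumed to be present on every exported event.
LIVE_CREATED = datetime(2024, 3, 15, tzinfo=timezone.utc)
HIST, LIVE = "box_historical_input", "box_live_input"
SAMPLE_EVENTS = [
    {"event_id": "1001", "created_at": "2024-02-20T08:00:00+00:00", "source": HIST},
    {"event_id": "1002", "created_at": "2024-03-05T09:30:00+00:00", "source": HIST},
    {"event_id": "1003", "created_at": "2024-03-10T17:45:00+00:00", "source": HIST},
    {"event_id": "1002", "created_at": "2024-03-05T09:30:00+00:00", "source": LIVE},
    {"event_id": "1003", "created_at": "2024-03-10T17:45:00+00:00", "source": LIVE},
    {"event_id": "1004", "created_at": "2024-03-16T11:00:00+00:00", "source": LIVE},
]

if __name__ == "__main__":
    unique, dupes = dedupe_events(SAMPLE_EVENTS, LIVE_CREATED)
    print(f"{len(unique)} unique events, {len(dupes)} duplicates")
    for event_id, kept, dropped, in_window in dupes:
        print(event_id, "kept from", kept, "dropped from", dropped, "in window:", in_window)
```

A duplicate whose last field is False falls outside the two-week overlap and points to a cause other than the migration.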