Google Chronicle

The Google Chronicle output plugin lets you ingest security logs into the Google Chronicle service. This connector is designed to send unstructured security logs.

Google Cloud configuration

Fluent Bit streams data into an existing Google Chronicle tenant using a service account that you specify. Before using the Chronicle output plugin, you must:

  1. Create a service account.

    To stream security logs into Google Chronicle, create a Google Cloud service account for Fluent Bit.

  2. Create a tenant of Google Chronicle.

    Fluent Bit doesn't create a tenant of Google Chronicle for your security logs, so you must create this ahead of time.

  3. Retrieve service account credentials.

    The Fluent Bit Chronicle output plugin authenticates with a JSON credentials file. Download the credentials file by following the instructions for Creating and Managing Service Account Keys.

Configuration parameters

| Key | Description | Default |
| --- | --- | --- |
| customer_id | The customer ID identifying the Google Chronicle tenant to stream into. | none |
| google_service_credentials | Absolute path to a Google Cloud credentials JSON file. | Value of the environment variable $GOOGLE_SERVICE_CREDENTIALS |
| log_key | By default, the whole log record is sent to Google Chronicle. If you specify a key name with this option, only the value of that key is sent. | none |
| log_type | The log type to parse logs as. Google Chronicle supports parsing for specific log types only. | none |
| project_id | The project ID containing the Google Chronicle tenant to stream into. | Value of the project_id in the credentials file |
| region | The GCP region in which to store security logs. Supported regions: US, EU, UK, ASIA. Blank is treated as US. | none |
| service_account_email | Account email associated with the service. Only available if no credentials file has been provided. | Value of the environment variable $SERVICE_ACCOUNT_EMAIL |
| service_account_secret | Private key content associated with the service account. Only available if no credentials file has been provided. | Value of the environment variable $SERVICE_ACCOUNT_SECRET |
| workers | The number of workers to perform flush operations for this output. | 0 |

See Google's official documentation for further details.

Configuration file

If you are using a Google Cloud credentials file, the following configuration will get you started:
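The following YAML configuration is an added example, not taken from the original page or the Fluent Bit project. The input file, tag, credentials path, and every value in angle brackets are assumptions or placeholders to replace with your own; the output keys are the ones listed in the table above.

```yaml
# Added example: ship raw lines from one log file to Google Chronicle.
# Values in <...> are placeholders; file paths and the tag are assumptions.
service:
  flush: 5
  log_level: info

pipeline:
  inputs:
    - name: tail
      path: /var/log/auth.log        # assumed source file
      tag: security.auth             # assumed tag

  outputs:
    - name: chronicle
      match: 'security.*'
      # Tenant to stream into.
      customer_id: "<CHRONICLE_CUSTOMER_ID>"
      # Must be one of the log types Chronicle can parse.
      log_type: "<CHRONICLE_LOG_TYPE>"
      # Supported: US, EU, UK, ASIA. Blank is treated as US.
      region: EU
      # Absolute path to the service account key. This is a long-lived
      # credential: keep the file readable only by the Fluent Bit user
      # (for example mode 0600) and out of version control.
      google_service_credentials: /etc/fluent-bit/chronicle-sa.json
      # The tail input stores each line under the "log" key. Setting log_key
      # sends only that raw line instead of the whole record, which matches
      # the unstructured-log model this plugin is designed for.
      log_key: log
```

If `google_service_credentials` is omitted, the plugin falls back to the `$GOOGLE_SERVICE_CREDENTIALS` environment variable, as described in the parameter table.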
