EDPort Collector Inputs

Enter a descriptive name for this input. 

When you create a workflow, you will use this label to enter your input into the workflow. 

This parameter is required. 

Review the following example: 

labels: "error-counts-per-node"

Enter the port that the agent should listen for. 

This parameter is required. 

Review the following example: 

port: 4545

Select (or enter):

• tcp
• http
• https

This parameter is required. 

Review the following example: 

protocol: http

Enter a network interface where the agent can listen for data. 

This parameter is optional. 

Review the following example: 

listen: localhost

Enter a maximum time to wait and listen for data. 

This parameter only applies if you select tcp as the protocol. 

This parameter is required. 

Review the following example: 

read_timeout: 30s

You can only select (or enter) FlattenedObservation.

This parameter is required. 

Review the following example: 

schema: FlattenedObservation

Enter the number of lines to read from the incoming data. 

If you do not enter a value, then 1 will be used. 

This parameter only applies if you select tcp as the protocol. 

This parameter is optional. 

Review the following example: 

read_size: 10000

Mark (or enter) true or false to generate anomaly scores. 

This parameter is optional. 

Review the following example: 

enable_incoming_line_anomalies: true

enrichments

You can use this parameter to enrich data with specified extracted fields. 

To learn how to enrich data from inputs, see Enrich Input Data.

This parameter is optional. 

Review the following example: 

enrichments:
  from_logs:
    field_mappings:
      - field_name: podname
        pattern: "podname: (\\w+)"
      - field_name: component
        json_path: fields.[1].component

add_ingestion_time

Mark (or enter) true or false to ingest a timestamp if the input format is in JSON.

This parameter is optional. 

Review the following example: 

add_ingestion_time: true

Mark (or enter) true or false to skip the ingestion of the timestamp when the input is broken or in an invalid format.  

This parameter is optional. 

Review the following example: 

skip_ingestion_time_on_failure: true

Select an existing filter to add to this input. 

To learn more, see Filters.

This parameter is optional. 

Review the following example: 

filters: 
   - info 

tls:

  disable_verify

To disable a TLS verification of a certificate:

• In the visual editor, select True.
• In the YAML file, enter: disable_verify: true.

To enable a TLS verification of the certificate:

• In the visual editor, select False.
• In the YAML file, you can enter disable_verify: false or you can remove this line entirely. 

This parameter is optional. 

Review the following example: 

tls:
  disable_verify: true

tls:

  ca_file_path

Enter the absolute file path to the CA certificate file.

This parameter is optional. 

Review the following example: 

tls:
  ca_path: /var/etc/kafka

tls:

  ca_path

Enter the absolute path to scan the CA certificate file.

This parameter is optional. 

Review the following example: 

tls:
  ca_file: /certs/ca.pem

tls:

  crt_path

Enter the absolute path to the certificate file. 

This parameter is optional. 

Review the following example: 

tls:
  crt_file: /certs/server-cert.pem

tls:

  key_file

Enter the absolute path to the private key file. 

This parameter is optional. 

Review the following example: 

tls:
  key_file: /certs/server-key.pem

tls:

  key_password

Enter the password for the key file.

This parameter is optional. 

Review the following example: 

tls:
  key_password: p@ssword123

tls:

  client_auth_type

Select a client authorization type. 

You can select (or enter)

• noclientcert
• requestclientcert
• requireanyclientcert
• verifyclientcertifgiven
• requireandverifyclientcert

The default setting is noclientcert.

This parameter is optional. 

Review the following example: 

tls:
  client_auth_type: noclientcert

tls:

  min_version

Enter the minimum version of TLS to accept. 

This parameter is optional. 

Review the following example: 

tls:
  min_version: TLSv1_1

tls:

  max_version

Enter the maximum version of TLS to accept. 

This parameter is optional. 

Review the following example: 

tls:
  max_version: TLSv1_3

source_detection:

   source_type

Enter a source type.

Within inputs, a source type tells the Edge Delta agent which specific stream to monitor and extra logs from.

You can select (or enter) Docker, ECS, File, K8s. or Custom. 

This parameter is optional. 

Review the following example: 

source_detection:
  source_type: "K8s"

source_detection:

   optional

Enter true or false to ingest (or discard) logs with a failed source detection. 

Enter true to ingest logs with the original source information, despite a failed source detection.

Enter false to discard logs with a failed source detection.

This parameter is optional. 

Review the following example: 

optional: false

source_detection:

  processing_mode

There are 2 types of processing modes:

• json
• regex

If you enter json, then you must enter the JSON path as a value for each field mapping. 

If you enter regex, then you must enter a regex pattern with one capturing group named field, such as

• "path (?P<field>\w+)" 

This parameter is optional. 

Review the following example:

source_detection:
        source_type: "Custom"
        optional: false
        processing_mode: regex
        field_mappings:
          namespace: namespace (?P<field>\w+)
          serviceName: service (?P<field>\w+)
          roleName: user_role (?P<field>\w+)
          systemType: system (?P<field>\w+)

source_detection:

   field_mappings

This parameter is optional. 

Review the following example: 

source_detection:
  field_mappings:
    k8s_namespace: "kubernetes.namespace"
    k8s_pod_name: "kubernetes.pod.name"
    k8s_container_name: "kubernetes.container.name"
    k8s_container_image: "kubernetes.container.image"