|
1 | 1 | # Formatting options |
2 | 2 |
|
3 | | -To forward logs to Sekoia.io, several options format are available: |
| 3 | +To forward logs to Sekoia.io, several formatting options are available: |
4 | 4 |
|
5 | 5 | - Send your events as line-oriented records |
6 | 6 | - Send your events as a JSON object |
7 | 7 | - Send your events as a structured payload |
8 | 8 |
|
9 | | -For each option, we will have to supply an intake key. The collector endpoint of Sekoia.io will provide event identifiers within the Sekoia.io detection workflow in the form of a JSON payload. |
| 9 | +For each option, we have to supply an intake key. The collector endpoint of Sekoia.io will provide event identifiers within the Sekoia.io detection workflow in the form of a JSON payload. |
| 10 | + |
| 11 | +## Select the intake endpoint for your region |
| 12 | + |
| 13 | +Sekoia.io supports multiple regions for HTTP ingestion. |
| 14 | + |
| 15 | +FRA1 keeps the historical URL scheme, while all other regions use the new API-prefixed scheme. |
| 16 | + |
| 17 | +!!! tip |
| 18 | + Learn more about region and code in [our dedicated article](/getting_started/regions.md). |
| 19 | + |
| 20 | +Endpoints must be built from regional base URLs: |
| 21 | + |
| 22 | +- FRA1 base URL: `https://intake.sekoia.io` |
| 23 | +- Other regions base URL: `https://intake.<region>.sekoia.io/api/v1/intake-http` |
| 24 | + |
| 25 | +Then append the path `/<path>` (e.g., `/plain`, `/plain/batch`, `/jsons`, `/batch`, `/array`, etc.) to the corresponding regional base URL. |
| 26 | + |
| 27 | +Examples: |
| 28 | + |
| 29 | +- `https://intake.sekoia.io/batch` |
| 30 | +- `https://intake.fra2.sekoia.io/api/v1/intake-http/batch` |
| 31 | +- `https://intake.mco1.sekoia.io/api/v1/intake-http/jsons` |
| 32 | +- `https://intake.uae1.sekoia.io/api/v1/intake-http/plain/batch` |
| 33 | + |
| 34 | +!!! warning |
| 35 | + The examples below use FRA1 URLs for readability. For other regions, replace the base URL with your regional endpoint. |
10 | 36 |
|
11 | 37 | ## Push our events to Sekoia.io as line-oriented records |
12 | 38 |
|
13 | 39 | To forward events as plain records, you can use the `/plain` endpoint. |
14 | 40 |
|
15 | | -The following headers are handled by Sekoia.io’S HTTPS log collector: |
| 41 | +The following headers are handled by Sekoia.io's HTTPS log collector: |
16 | 42 |
|
17 | 43 | | Header | Mandatory? | Type | Description | |
18 | 44 | |------------------------------|------------|----------|----------------------------------------------------------------------------------------| |
19 | 45 | | `X-SEKOIAIO-INTAKE-KEY` | No | String | Intake to which you would like to push events to | |
20 | 46 | | `X-SEKOIAIO-EVENT-TIMESTAMP` | No | Datetime | Event date if you want to push your own date (fallback is to use the reception’s date) | |
21 | 47 |
|
22 | 48 |
|
23 | | -Supply the intake key as the header `X-SEKOIAIO-INTAKE-KEY`, as password in the HTTP Basic authentication mechanism or as a parameter in the querystring. |
| 49 | +Supply the intake key as the header `X-SEKOIAIO-INTAKE-KEY`, as password in the HTTP Basic authentication mechanism, or as a parameter in the query string. |
24 | 50 |
|
25 | 51 | To push one event, just POST content to `https://intake.sekoia.io/plain` |
26 | 52 |
|
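Review bot: At new line 23 the `<region>` placeholder is never defined, and the prose names the region as `FRA1` while the example URLs at new lines 30-32 use lowercase codes (`fra2`, `mco1`, `uae1`). State explicitly that `<region>` is the lowercase region code. New line 25 ends the path list with "etc.", which leaves the set of valid paths open-ended; either list every supported path or point to the sections that define each one. The tip at new line 18 would read better as "Learn more about regions and their codes".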
@@ -121,15 +147,15 @@ curl -X POST -H "X-SEKOIAIO-INTAKE-KEY: REPLACE_BY_INTAKE_KEY" --data-binary @ev |
121 | 147 |
|
122 | 148 | To send us events as a JSON list, you should set `Content-Type` HTTP header to `application/json`. |
123 | 149 |
|
124 | | -The following headers are handled by Sekoia.io’S HTTPS log collector: |
| 150 | +The following headers are handled by Sekoia.io's HTTPS log collector: |
125 | 151 |
|
126 | 152 | | Header | Mandatory? | Type | Description | |
127 | 153 | |------------------------------|------------|----------|----------------------------------------------------------------------------------------| |
128 | 154 | | `X-SEKOIAIO-INTAKE-KEY` | No | String | Intake to which you would like to push events to | |
129 | 155 | | `X-SEKOIAIO-EVENT-TIMESTAMP` | No | Datetime | Event date if you want to push your own date (fallback is to use the reception’s date) | |
130 | 156 |
|
131 | 157 |
|
132 | | -Supply the intake key as the header `X-SEKOIAIO-INTAKE-KEY`, as password in the HTTP Basic authentication mechanism or as a parameter in the querystring. |
| 158 | +Supply the intake key as the header `X-SEKOIAIO-INTAKE-KEY`, as password in the HTTP Basic authentication mechanism, or as a parameter in the query string. |
133 | 159 |
|
134 | 160 | Use the endpoint `/jsons`. This endpoint accepts a set of events: |
135 | 161 |
|
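Review bot: New line 158 (and the identical sentence at new line 49) presents the query string as an equal alternative for supplying the intake key, but a key carried in the URL is commonly recorded in proxy and web server access logs. Suggest naming the `X-SEKOIAIO-INTAKE-KEY` header as the preferred method and describing the query-string form as a fallback for senders that cannot set headers. Minor: the apostrophe fix at new line 150 leaves the table's "reception’s" with the typographic apostrophe, and the description "Intake to which you would like to push events to" still has a doubled "to".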
@@ -223,11 +249,11 @@ If your events are enclosed in a JSON object, use the endpoint `/jsons` and prov |
223 | 249 |
|
224 | 250 | To send us events, you should set `Content-Type` HTTP header to `application/json`. |
225 | 251 |
|
226 | | -The following fields are currently handled by Sekoia.io’S HTTPS log collector: |
| 252 | +The following fields are currently handled by Sekoia.io's HTTPS log collector: |
227 | 253 |
|
228 | 254 | | Field | Mandatory? | Type | Description | |
229 | 255 | |---------------|------------|----------|--------------------------------------------------------------------------------------------------------| |
230 | | -| `intakey_key` | Yes | String | Intake to which you would like to push events to | |
| 256 | +| `intake_key` | Yes | String | Intake to which you would like to push events to | |
231 | 257 | | `json` | Yes | String | The actual log payload. If you want to push structured JSON logs, please send them as quoted JSON here | |
232 | 258 | | `@timestamp` | No | Datetime | Event date if you want to push your own date (fallback is to use the reception’s date) | |
233 | 259 |
|
|
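Review bot: At new line 256, `intake_key` is a field name readers copy into request bodies, so the request examples in this section, which fall outside the visible hunk, need to be checked for any remaining `intakey_key`. It is also worth a sentence here noting that this endpoint marks the key as mandatory in the body, whereas the header tables earlier on the page mark `X-SEKOIAIO-INTAKE-KEY` as optional, so readers do not assume the header alone is enough for the structured payload.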