Sources

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Overview

Use Observability Pipelines’ sources to receive logs from your different log sources. Sources have different prerequisites and settings. Some sources also need to be configured to send logs to the Observability Pipelines Worker.

Select a source in the left navigation menu to see more information about it.

Standard metadata fields

All sources add the following standard metadata fields to ingested events:

Field name	Value type	Example
`hostname`	String	`"ip-34-2-553.us.test"`
`timestamp`	String	`"2024-06-17T22:25:55.439Z"`
`source_type`	String	`"splunk_tcp"`

For example, if this is the raw event:

{
  "foo": "bar"
}

Then the enriched event with the standard metadata fields is:

{
  "foo": "bar",
  "hostname": "ip-34-2-553.us.test",
  "timestamp": "2024-06-17T22:25:55.439Z",
  "source_type": "splunk_tcp"
}

You can see these standard metadata fields when you use the tap command to see the events sent through the source.

After events are ingested by the source, they get sent to different processors and destinations that might update those fields. For example, if the event is sent to the Datadog Logs destination, the timestamp field gets converted to UNIX format.

Note: The bytes in per second metric in the UI is for ingested raw events, not enriched events.

Sources

Overview

Standard metadata fields

Further reading