Generate a JWT token to begin collecting third-party logs via HTTP event collection, and forward the log data to TrendAI Vision One™ for analysis and correlation or compliance purposes.
 |
NoteThis feature is not yet available in all regions.
|
Procedure
- Go to .
- Create a new log repository or select an existing log repository.
- On the Log repository panel, go to the Collectors tab and click Add collector.The Add collector screen appears.
- Select the vendor, product, log format, and log timezone of the log source.
- Specify the collector name and description.
- Select HTTP event collection as the log ingestion method.
- Click Add.
- On the Generate JWT token screen, select the JWT token expiration and click Generate token.
Note
To manage JWT tokens for your third-party log collectors, go to and click Manage JWT tokens. - On the Copy JWT token screen, copy and save the token.
- Click Close.
- On the Log repository drawer on the Collectors tab, verify the information (including endpoint URL) under the collector you created.
Note
You can use the following API specifications to forward logs:-
Headers:HeaderValueDescriptionAuthorizationBearer <token>Required. The JWT token generated during collector creation.Content-Typetext/plainRequired. Currently, the endpoint only accepts plain text content.
-
Request body: The payload body is treated as a text stream. Each line (separated by \n or \r\n) is ingested as a separate log entry.
-
Example:
curl -X POST <endpoint> \ -H "Authorization: Bearer <TOKEN>" \ -H "Content-Type: text/plain" \ -d '<189>Feb 01 10:00:00 router-1 denied tcp src 10.0.0.1 <189>Feb 01 10:00:01 router-2 permitted tcp src 10.0.0.2'
-