manifest.yml
type: logs
title: Azure Audit Logs
streams:
  - input: "azure-eventhub"
    enabled: false
    template_path: "azure-eventhub.yml.hbs"
    title: "Azure audit logs"
    description: "Collect Azure audit logs using azure-eventhub input"
    vars:
      - name: preserve_original_event
        required: true
        show_user: true
        title: Preserve original event
        description: Preserves a raw copy of the original event, added to the field `event.original`
        type: bool
        multi: false
        default: false
      - name: storage_account_container
        type: text
        title: Storage Account Container
        multi: false
        required: false
        show_user: false
        description: >
          The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified.
      - name: tags
        type: text
        title: Tags
        multi: true
        required: true
        show_user: false
        default:
          - azure-auditlogs
          - forwarded
      - name: processors
        type: yaml
        title: Processors
        multi: false
        required: false
        show_user: false
        description: >
          Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
      - name: sanitize_newlines
        type: bool
        title: Sanitizes New Lines
        description: Removes new lines in logs to ensure proper formatting of JSON data and avoid parsing issues during processing.
        multi: false
        required: false
        show_user: false
        default: false
      - name: sanitize_singlequotes
        required: true
        show_user: false
        title: Sanitizes Single Quotes
        description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing.
        type: bool
        multi: false
        default: false
# Ensures agents have permissions to write data to `logs-*-*`
elasticsearch:
  dynamic_dataset: true
  dynamic_namespace: true