feat(quickwit_output): add quickwit config documentation

Signed-off-by: Idriss Neumann <idriss.neumann@comwork.io>
falcosecurity · Jan 2, 2024 · 9b1d688 · 9b1d688
1 parent 309b1d1
commit 9b1d688
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -111,6 +111,7 @@ Follow the links to get the configuration of each output.
 - [**Zincsearch**](https://github.com/falcosecurity/falcosidekick/blob/master/docs/outputs//zincsearch.md)
 - [**OpenObserve**](https://github.com/falcosecurity/falcosidekick/blob/master/docs/outputs/openobserve.md)
 - [**SumoLogic**](https://github.com/falcosecurity/falcosidekick/blob/master/docs/outputs/sumologic.md)
+- [**Quickwit**](https://github.com/falcosecurity/falcosidekick/blob/master/docs/outputs/quickwit.md)
 
 ### Object Storage
 

diff --git a/docs/outputs/quickwit.md b/docs/outputs/quickwit.md
@@ -0,0 +1,42 @@
+# Quickwit
+
+- **Category**: Logs
+- **Website**: https://quickwit.io/
+
+## Table of content
+
+- [Quickwit](#quickwit)
+  - [Table of content](#table-of-content)
+  - [Configuration](#configuration)
+  - [Example of config.yaml](#example-of-configyaml)
+
+## Configuration
+
+| Setting                         | Env var                         | Default value    | Description                                                                                                                         |
+| ------------------------------- | ------------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| `quickwit.hosport`              | `QUICKWIT_HOSTPORT`             |                  | http://{domain or ip}:{port}, if not empty, Quickwit output is **enabled**                                                          |
+| `quickwit.apiendpoint`          | `QUICKWIT_APIENDPOINT`          | `/api/v1`        | API endpoint (containing the API version, overideable in case of quickwit behind a reverse proxy with URL rewriting)                |
+| `quickwit.index`                | `QUICKWIT_INDEX`                | `falco`          | Index                                                                                                                               |
+| `quickwit.version`              | `QUICKWIT_VERSION`              | `0.6`            | Version of quickwit                                                                                                                 |
+| `quickwit.customheaders`        | `QUICKWIT_CUSTOMHEADERS`        |                  | Custom headers to add in POST, useful for Authentication                                                                            |
+| `quickwit.mutualtls`            | `QUICKWIT_MUTUALTLS`            | `false`          | Authenticate to the output with TLS, if true, checkcert flag will be ignored (server cert will always be checked)                   |
+| `quickwit.checkcert`            | `QUICKWIT_CHECKCERT`            | `true`           | Check if ssl certificate of the output is valid                                                                                     |
+| `quickwit.minimumpriority`      | `QUICK_MINIMUMPRIORITY`         | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |
+
+> **Note**
+The Env var values override the settings from yaml file.
+
+## Example of config.yaml
+
+```yaml
+quickwit:
+  # hostport: ""
+  # apiendpoint: "/api/v1"
+  # index: "falco"
+  # version: "0.6"
+  # customHeaders:
+  #   key: value
+  # mutualtls: false
+  # checkcert: true
+  # minimumpriority: ""
+```