feat: Add QRadar exporter - Githubissues

observIQ / bindplane-agent

observIQ’s distribution of the OpenTelemetry collector providing a simple and unified solution to collect, refine, and ship telemetry data anywhere

Apache License 2.0

103 stars 27 forks source link

feat: Add QRadar exporter #1866

Closed shazlehu closed 1 month ago

shazlehu commented 1 month ago

Proposed Change

Adds QRadar exporter.

Test by using the following custom destination:

qradar:
    raw_log_field: body
    retry_on_failure:
        enabled: false
    sending_queue:
        enabled: false
    syslog:
        endpoint: qr75-appliance.bluemedora.localnet:514
        transport: udp

Send a JSON payload from Telemetry generator.

Log into QRadar at http://qr75-appliance.bluemedora.localnet
Select "Admin" from the Tabs
Select "Log Sources" from the "Data Sources" section
Select "Events" from the "..." menu on the "SIM Generic Log DSM-7 :: qr75-appliance" line
Logs should appear there, double-clicking a line should show the correct payload

Checklist

[ ] Changes are tested
[ ] CI has passed