Stdin

This example is similar to the Syslog example above, except it uses the CLI Adapter and receives the data from the CLI's STDIN interface. This method is perfect for ingesting arbitrary logs on disk or from other applications locally.

./lc_adapter stdin client_options.identity.installation_key=e9a3bcdf-efa2-47ae-b6df-579a02f3a54d \
    client_options.identity.oid=8cbe27f4-bfa1-4afb-ba19-138cd51389cd \
    client_options.platform=text \
    "client_options.mapping.parsing_re=(?P<date>... \d\d \d\d:\d\d:\d\d) (?P<host>.+) (?P<exe>.+?)\[(?P<pid>\d+)\]: (?P<msg>.*)" \
    client_options.sensor_seed_key=testclient3 \
    client_options.mapping.event_type_path=exe

Here's a breakdown of the above example:

• lc_adapter: simply the CLI Adapter.

• stdin: the method the Adapter should use to collect data locally. The stdin value will simply ingest from the Adapter's STDIN.

• client_options.identity.installation_key=....: the Installation Key value from LimaCharlie.

• client_options.identity.oid=....: the Organization ID from LimaCharlie the installation key above belongs to.

• client_options.platform=text: this indicates the type of data that will be received from this adapter. In this case it's text lines.

• client_options.mapping.parsing_re=....: this is the parsing expression describing how to interpret the text lines and how to convert them to JSON.

• client_options.sensor_seed_key=....: this is the value that identifies this instance of the Adapter. Record it to re-use the Sensor ID generated for this Adapter later if you have to re-install the Adapter.

• client_options.mapping.event_type_path=....: specifies the field that should be interpreted as the "event_type" in LimaCharlie.