Contents x
    Humio
    • 05 Oct 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Contents

    Humio

    • Updated on 05 Oct 2024
    • 1 Minute to read
    • Contributors
    • Print
    • Dark
      Light
    Article summary

    Output events and detections to the Humio.com service.

    • humio_repo: the name of the humio repo to upload to.

    • humio_api_token: the humio ingestion token.

    • endpoint_url: optionally specify a custom endpoint URL, if you have Humio deployed on-prem use this to point to it, otherwise it defaults to the Humio cloud.

    Example:

    humio_repo: sandbox
humio_api_token: fdkoefj0erigjre8iANUDBFyfjfoerjfi9erge

    Note: You may need to create a new parser in Humio to correctly parse timestamps.  You can use the following JSON parser:

    parseJson() | parseTimestamp(field=@timestamp,format="unixTimeMillis",timezone="Etc/UTC")

    For the Community Edition of Humio, the endpoint_url is: https://cloud.community.humio.com.

    Was this article helpful?
    What's Next