    Google Cloud BigQuery
    • 10 Dec 2024


    Output events and detections to a Google Cloud BigQuery Table.

    For a practical use case of this output, see this tutorial on pushing Velociraptor data to BigQuery.

    • schema: describes the column names, data types, and other information; should match the text-formatted schema from BigQuery.

    • table: the table name where to send data.

    • dataset: the dataset name where to send data.

    • project: the project name where to send the data.

    • secret_key: the secret JSON key identifying a service account.

    • sec_per_file: the number of seconds after which a batch of data is loaded.

    • custom_transform: should align with the schema fields/formats

    Example:

    schema: event_type:STRING, oid:STRING, sid:STRING
    table: alerts
    dataset: limacharlie_data
    project: lc-example-analytics
    secret_key: {
      "type": "service_account",
      "project_id": "my-lc-data",
      "private_key_id": "11b6f4173dedabcdefb779e4afae6d88ddce3cc1",
      "private_key": "-----BEGIN PRIVATE KEY-----\n.....\n-----END PRIVATE KEY-----\n",
      "client_email": "my-service-writer@my-lc-data.iam.gserviceaccount.com",
      "client_id": "102526666608388828174",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/my-service-writer%40my-lc-data.iam.gserviceaccount.com"
    }
    custom_transform: |-
      {
        "oid":"routing.oid",
        "sid":"routing.sid",
        "event_type":"routing.event_type"
      }
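
A pre-deployment check for the configuration above, added here as an example and not LimaCharlie's own code: it parses the text-formatted schema, reports columns and custom_transform keys that do not line up, and builds the row for a constructed event. It assumes each custom_transform value is a dot-separated path into the event; the function names and the sample event are hypothetical.

```python
import json

# Values copied from the example configuration on this page.
SCHEMA = "event_type:STRING, oid:STRING, sid:STRING"
TRANSFORM = '{"oid":"routing.oid","sid":"routing.sid","event_type":"routing.event_type"}'
# Constructed event; the field values are made up for illustration.
EVENT = {"routing": {"oid": "oid-0001", "sid": "sid-0002", "event_type": "NEW_PROCESS"},
         "event": {"FILE_PATH": "/bin/ls"}}

def parse_schema(text):
    """Parse 'name:TYPE, name:TYPE' into a {name: TYPE} dict."""
    columns = {}
    for part in text.split(","):
        name, sep, col_type = part.strip().partition(":")
        if not sep or not name or not col_type:
            raise ValueError(f"malformed schema entry: {part!r}")
        if name in columns:
            raise ValueError(f"duplicate column: {name}")
        columns[name] = col_type.strip().upper()
    return columns

def check_alignment(schema_text, transform_text):
    """Return (columns with no transform entry, transform keys with no column)."""
    columns = parse_schema(schema_text)
    mapping = json.loads(transform_text)
    return sorted(set(columns) - set(mapping)), sorted(set(mapping) - set(columns))

def resolve(event, path):
    """Assumption: a transform value is a dot-separated path into the event."""
    node = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None  # missing field becomes NULL in the row
        node = node[key]
    return node

def build_row(event, schema_text, transform_text):
    """Build the row for one event; reject non-string values in STRING columns."""
    columns = parse_schema(schema_text)
    mapping = json.loads(transform_text)
    row = {}
    for col, col_type in columns.items():
        value = resolve(event, mapping[col]) if col in mapping else None
        if col_type == "STRING" and value is not None and not isinstance(value, str):
            raise TypeError(f"{col}: expected STRING, got {type(value).__name__}")
        row[col] = value
    return row
```

Run `check_alignment` against the exact strings you plan to paste into the output configuration; two empty lists mean every column has a transform entry and every transform key has a column.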