Log Forwarder
Overview
Log Forwarder in Motadata AIOps allows you to forward the ingested logs to a third-party software. This allows users the flexibility to perform any operations on the collected log data or analyze it using a different software. You can choose between Syslog-TCP, Syslog-UDP, and HTTP/HTTPS types of log fowarders.
Motadata AIOps can forward logs in either JSON format or raw Logs. You can also filter specific logs by applying a source filter.
Navigation
Go to Main Menu, select Settings 
. After that, go to Log Settings 
. Select Log Forwarder.
Log Forwarder Screen
The following fields are present on the screen:
| Field | Description |
|---|---|
| Forwarder Name | Name of the forwarder. |
| Description | Description for the forwarder. |
| Forwarder Type | Type of the forwarder. |
| Forward As | Format of logs in which they will be forwarded. |
| Forwarder Status | Status of the Log Forwarder. |
| Action | Actions available for the Log Forwarder. |
Now, let's understand how to create a Log forwarder.
Create Log Forwarder
On the Log Forwarder screen, click on the Create Log Forwarder option. Since the parameters to create a Log Forwarder vary as per the type of Log Forwarder, let's understand how to create each Log Forwarder type individually.
- Syslog - TCP
- Syslog - UDP
Enter the details of all the parameters on the Create Log Forwarder screen as per the following:
| Field | Description |
|---|---|
| Forwarder Name: | Enter the name of the forwarder you want to create. |
| Description: | Provide a description for the log forwarder. You can also describe where the log are being forwarded. |
| Forwarder Type: | Select Syslog-TCP from the options in dropdown. |
| Destination IP: | Enter the destination IP where you want to forward you logs. |
| Destination Port: | Enter the destination port number. |
| Source Filter: | Select a source filter option using the dropdown menu. |
| Source: | Depending on the option you chose in the Source Filter field, select an IP, host type, or group from the dropdown menu. |
| Filter: | Set a filter condition if you wish to filter out logs before forwarding them. The Filter is discussed in detail further in this guide. |
| Forward Log as: | Choose the format in which logs will be forwarded from the dropdown menu. |
Once you have configured all the options according to your requirements, click on the Test button. Motadata AIOps will then test the Port and IP configuration settings. Once the test is succesfull, the Create Forwarder button will appear.
Enter the details of all the parameters on the Create Log Forwarder screen as per the following:
| Field | Description |
|---|---|
| Forwarder Name: | Enter the name of the forwarder you want to create. |
| Description: | Provide a description for the log forwarder. You can also describe where the log are being forwarded. |
| Forwarder Type: | Select Syslog-UDP from the options in dropdown. |
| Destination IP: | Enter the destination IP where you want to forward you logs. |
| Destination Port: | Enter the destinattion port number. |
| Source Filter: | Select a source filter option using the dropdown menu. |
| Source: | Depending on the option you chose in the Source Filter field, select an IP, host type, or group from the dropdown menu. |
| Filter: | Set a filter condition if you wish to filter out logs before forwarding them. The Filter is discussed in detail further in this guide. |
| Forward Log as: | Choose the format in which logs will be forwarded from the dropdown menu. |
Once you have configured all the options according to your requirements, click on the Test button. Motadata AIOps will then perform a ping check. If the test is successful, the Create Log Forwarder button will appear.
Configuring Prefilters
You can use prefilters to filter out logs before forwarding them. Prefilters allow you to define a specific criteria that must be met before the logs can be forwarded.This ensures you only receive logs that are relevant to your monitoring or investigation needs.
Before we dive into understanding all the configuration parameters available in Prefilter; you should know that a Prefilter allows you to create 3 groups and each group accepts a total of 3 criteria.
| Field | Description |
|---|---|
| Group(s) Matching: | You can choose the type of operation to be performed on inter-groups. Below is a gist of available options: - ALL:When selected, this will ensure that filtering criteria defined in all groups defined is met. - ANY: When selected, this will ensure that filtering criteria of any ONE group is met. |
| Group Matching: | This option will help you define if you want to include or exclude the logs that meet the criteria defined in a single group: - Include: When selected, logs that meet the defined criteria will be forwarded. - Exclude: When selected, logs that meet the defined criteria will be excluded and not forwarded. |
| Criterias: | This option will help you define intra-group operations. Below is a gist of available options: - All: If selected, logs will have to meet all the defined criteria in the group. - Any: When selected, logs will have to meet only one of the criteria defined in the group. |
| Counter: | Select a metric counter using the dropdown.The options may vary depending on your selection of Forwarder type. |
| Select Operator: | Use the dropdown to select operator to be performed on the selected counter. |
| Value: | Define a value with respect to the counter and operator to complete the criteria. |
To add new group, click on the Add New Group option.
To Preview a sample of logs that will be forwarded, click on the Preview option. Motadata AIOps will automatically adjust the preview according to the log format you have selected in the Forward Log As field. By default, the sample log preview will be of 30 minutes.
Click on Reset to reset all the parameters.