Adding ingestion data sources

Add new ingestion data sources to receive events from your network devices, servers, workstations, SaaS services, or applications.

Before you begin

You must ensure that a Data Collector is configured before you can add data sources. See Installing and registering Data Collector.

Procedure

  1. From the main menu, click Connections > Ingestion data sources.
  2. On the Ingestion data sources page, click Add a data source.
  3. Select a Data source type.
  4. Select the relevant connector type for your data source.
  5. In the Data source identifier field, enter a unique identifier for the system or application that generates the event data.
    Important: Some connector types have restrictions on valid values for this field. See the configuration instructions for the selected data source type and connector type.
  6. To enable the ingestion data source to be ingested, parsed, and normalized, ensure that the Enabled parameter is set to On.
  7. If there are multiple language options available for the selected data source type, select the Language the events are expressed in.
  8. Select a Data Collector to collect the events for this data source.
    The Data Collector must have visibility to the external system that the data source represents.
    Tip: Data sources that use the Syslog Connector type do not need to be assigned to a particular Data Collector. A Syslog listener is automatically active on all Data Collectors, so a Syslog feed can go to any Data Collector, or balance the load across multiple Data Collectors. The events are received and forwarded to QRadar® Log Insights.
  9. Select a Credibility level from the list.
    You can choose a credibility level from 0 to 10. The higher the credibility, the more certain you are that this log source sends reliable events.
  10. To store original event payloads in addition to the normalized record, set the Store event payloads parameter to On.
  11. Optional: In the Sending IP field, enter the IP address of the data source whose events are sent to the Data Collector.
  12. On the Connector tab, complete the parameters for the selected data source type and Connector type combination.
    See the instructions for your data source type and Connector type.
  13. Click Add.
  14. To edit an ingestion data source, select the ingestion data source that you want to edit and from the menu, click Edit.
  15. To delete an ingestion data source, select the ingestion data source that you want to delete and from the menu, click Delete > Delete.

Results

You see a list of the added ingestion data sources in the table on the Ingestion data sources page.