HTTPS Log Forwarding
Please consider the following when creating and managing HTTPS profiles.
Client Authorization and Payload Format
When creating or editing an HTTPS profile, payloadFormat must correspond to the clientAuth:
clientAuth | payloadFormat |
|---|---|
ClientAuthBasic | "ARRAY_JSON" or "STACKED_JASON" |
ClientAuthSentinel | "ARRAY_JSON" |
ClientAuthSplunk | "STACKED_JASON" |
ClientAuthChronicle | "Array JSON" |
Any other combination will throw a mapping error.
Null Value on GET Call
When you create an HTTPS profile with the POST API, you must pass a value for ClientAuth. However, for security reasons, when you retrieve a profile with a GET call, ClientAuth will return null.
(Google Chronicle Only) Stringify Service Account Token
When clientAuth is ClientAuthChronicle, you must provide a serviceAccount JSON object. In order to pass the JSON object, you must first convert it into a string.
For definitions of the fields mentioned, please see the API Reference.
For more information about HTTPS log forwarding, please see the user documentation.