Use Playbooks to retrieve logs

Logs nodes allows you to take an input, usually coming from a request to an API to retrieve logs, and process it to extract and store to SGBox a set of log lines.
The input always comes from a previous node in the flow. Select a node from the list to show its output.
Available nodes, to manage different input formats, are

• JSON logs
• CSV logs
• TEXT logs

JSON logs

Once the JSON output of a previous node is displayed, you can click on its keys to tell the node where to extract the logs from. Then, you have to tell the node where to extract the timestamp from, its format, the host, and other info. Follow the guide inside the node form.

See this article if you there are some problem to collect the logs see the advanced section

CSV logs

Retrieve logs from API

You can create a Playbook with one or more api requests, using Start timestamp and End timestamp parameters, followed by a Logs node.
Then, just schedule the playbook to be executed with any periodicity and, at every execution, it will call the API with updated timestamps to retrieve the last available logs and store them into SGBox, available for consultation in the Historical Search page.