PICO | Dual forwarding | Simultaneous Filtered and Unfiltered data forwarding

Hello members,

I am trying to plan a deployment of DNIF v9 in my organisation and would like to know if the following can be achieved with a PICO component from an ingestion point of view:

[Image: Untitled Diagram]

Hope the above diagram clearly illustrates the requirement… basically we want to ingest all data received on PICOs within DNIF and forward only certain events, based on string match, to a different analytics tool… I hope the filter can be applied to all data received, including that of database and cloud connectors :thinking:?

Hello Simon,

Thanks for joining the DNIF community and trying us out.

Please find the link below, which will provide you with detailed information on the working of the PICO component.

[PICO - Components]

Regards,
Flash

Thanks @Flash - Could you please help me with a configuration tutorial or SOP, maybe, to configure as per the above-quoted requirement?

Thanks again :slight_smile:

Hey Simon,

Happy to help you.

In PICO, we have “raw-Syslog-forwarder” (Raw Syslog Forwarder Configuration), in which we can configure the list of IP addresses of the Syslog servers to which the raw logs will be forwarded. The PICO has the string match functionality with which you can filter the events and forward the same.

For detailed information, please visit the below link.

Filtering with PICO

Regards,
Flash

In addition to the above, if you are planning to install the PICO component, then please visit the below link to get the latest version available for the installation.

https://hub.docker.com/r/dnif/ship-pico/tags?page=1&ordering=last_updated

Regards,
Flash

Thanks @Flash, will check this out…