Azure Data Explorer (Kusto)

Azure Data Explorer (Kusto) Destination Plugin

Azure Data Explorer (Kusto) is a cloud-based analytics service offered by Microsoft Azure. It is designed to help users analyze large amounts of data quickly and easily. Kusto uses a proprietary query language called KQL (Kusto Query Language) that enables users to perform complex data queries and visualizations. Kusto is particularly useful for log and telemetry data analysis, as it is designed to handle large amounts of structured and unstructured data in real-time. Use the Azure Monitor Logs destination plugin to easily configure your Calyptia Core pipeline to send your logs and metrics data directly to Azure Data Explorer (Kusto)
Configuration Parameters
The following are configuration Parameters for Azure Data Explorer (Kusto) Destination Plugin.
Key
Description
Tenant ID
The tenant/domain ID of the AAD registered application.
Client ID
Required - The client ID of the AAD registered application.
Ingestion Endpoint
The clusters ingestion endpoint, usually in the form https://ingest-cluster_name.region.kusto.windows.net
Database Name
The database name
Table Name
The table name
The following are Advanced configuration Parameters for Azure Data Explorer (Kusto) Destination Plugin.
Key
Description
Ingestion Mapping Reference
The name of a JSON ingestion mapping that will be used to map the ingested payload into the table columns.
Log Key
Key name of the log content.
Enable Tag Key
If enabled, the tag is appended to output. The key name is used tag_key property.
Tag Key
Optional parameter to specify the key name where the tag is stored
Enable Time Key
If enabled, a timestamp is appended to output. The key name is used time_key property.
Time Key
Optional parameter to specify the key name where the timestamp is stored
The following are Security and TLS configuration Parameters for Azure Data Explorer (Kusto) Destination Plugin.
Key
Description
TLS
Enable or Disable TLS/SSL support
TLS Certificate Validation
Turn TLS/SSL certificate validation on / off, TLS must be on for this setting to be enabled.
TLS Debug Level
Set TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 Verbose
CA Certificate File Path
Absolute path to CA certificate file
Certificate File Path
Absolute path to Certificate file
Private key File Path
Absolute path to private Key file
Private Key Path Password
Optional password for tls.key_file file
TLS SNI Hostname Extension
Hostname to be used for TLS SNI Extension
The following are Advanced Networking configuration Parameters for Azure Data Explorer (Kusto) Destination Plugin.
Key
Description
DNS Mode
Select the primary DNS connection type (TCP or UDP)
DNS Resolver
Select the primary DNS connection type (TCP or UDP)
Prefer IPv4
Prioritize IPv4 DNS results when trying to establish a connection
Keepalive
Enable or disable Keepalive support
Keepalive Idle Timeout
Set maximum time allowed for an idle Keepalive connection
Max Connect Timeout
Set maximum time allowed to establish a connection, this time includes the TLS handshake
Max Connect Timeout Log Error
On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message
Max Keepalive Recycle
Set maximum number of times a keepalive connection can be used before it is retired.
Source Address
Specify network address to bind for data traffic

Key	Description
Tenant ID	The tenant/domain ID of the AAD registered application.
Client ID	Required - The client ID of the AAD registered application.
Ingestion Endpoint	The clusters ingestion endpoint, usually in the form https://ingest-cluster_name.region.kusto.windows.net
Database Name	The database name
Table Name	The table name

Key	Description
Ingestion Mapping Reference	The name of a JSON ingestion mapping that will be used to map the ingested payload into the table columns.
Log Key	Key name of the log content.
Enable Tag Key	If enabled, the tag is appended to output. The key name is used tag_key property.
Tag Key	Optional parameter to specify the key name where the tag is stored
Enable Time Key	If enabled, a timestamp is appended to output. The key name is used time_key property.
Time Key	Optional parameter to specify the key name where the timestamp is stored

Key	Description
TLS	Enable or Disable TLS/SSL support
TLS Certificate Validation	Turn TLS/SSL certificate validation on / off, TLS must be on for this setting to be enabled.
TLS Debug Level	Set TLS debug verbosity level. It accepts the following values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), and 4 Verbose
CA Certificate File Path	Absolute path to CA certificate file
Certificate File Path	Absolute path to Certificate file
Private key File Path	Absolute path to private Key file
Private Key Path Password	Optional password for tls.key_file file
TLS SNI Hostname Extension	Hostname to be used for TLS SNI Extension

Key	Description
DNS Mode	Select the primary DNS connection type (TCP or UDP)
DNS Resolver	Select the primary DNS connection type (TCP or UDP)
Prefer IPv4	Prioritize IPv4 DNS results when trying to establish a connection
Keepalive	Enable or disable Keepalive support
Keepalive Idle Timeout	Set maximum time allowed for an idle Keepalive connection
Max Connect Timeout	Set maximum time allowed to establish a connection, this time includes the TLS handshake
Max Connect Timeout Log Error	On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message
Max Keepalive Recycle	Set maximum number of times a keepalive connection can be used before it is retired.
Source Address	Specify network address to bind for data traffic

Azure Sentinel

Azure EventHub

Last modified 2mo ago