f5xc_global_log_receiver Resource - terraform-provider-f5xc
f5xc_global_log_receiver (Resource)
Section titled “f5xc_global_log_receiver (Resource)”Manages new Global Log Receiver object. in F5 Distributed Cloud.
~> Note For more information about this resource, please refer to the F5 XC API Documentation.
Example Usage
Section titled “Example Usage”# Global Log Receiver Resource Example# Manages new Global Log Receiver object. in F5 Distributed Cloud.
terraform { required_version = ">= 1.0"
required_providers { f5xc = { source = "f5xc-salesdemos/f5xc" version = ">= 0.1.0" } }}
# Basic Global Log Receiver configurationresource "f5xc_global_log_receiver" "example" { name = "example-global-log-receiver" namespace = "staging"
labels = { environment = "production" managed_by = "terraform" }
annotations = { "owner" = "platform-team" }
# Resource-specific configuration # [OneOf: audit_logs, dns_logs, request_logs, security_even... audit_logs { # Configure audit_logs settings } # [OneOf: aws_cloud_watch_receiver, azure_event_hubs_receiv... aws_cloud_watch_receiver { # Configure aws_cloud_watch_receiver settings } # Type establishes a direct reference from one object(the r... aws_cred { # Configure aws_cred settings }}
# The following optional fields have server-applied defaults and can be omitted:# - ns_currentArgument Reference
Section titled “Argument Reference”🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.
Minimum Configuration
Section titled “Minimum Configuration”Required fields:
namenamespacelog_typereceiver_choice
Example (API format):
metadata: name: my-log-receiver namespace: systemspec: request_logs: {} http_receiver: uri: `http://logs.example.com/ingest`Metadata Argument Reference
Section titled “Metadata Argument Reference”• name - Required String
Name of the Global Log Receiver. Must be unique within the namespace
• namespace - Required String
Namespace where the Global Log Receiver will be created
• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata
• description - Optional String
Human readable description for the object
• disable - Optional Bool
A value of true will administratively disable the object
• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering
Spec Argument Reference
Section titled “Spec Argument Reference”-> One of the following:
• audit_logs - Optional Block
Enable this option
• dns_logs - Optional Block
Enable this option
• request_logs - Optional Block
Configuration parameter for request logs
• security_events - Optional Block
Enable this option
-> One of the following:
• aws_cloud_watch_receiver - Optional Block
AWS Cloudwatch Logs Configuration for Global Log Receiver
See AWS Cloud Watch Receiver below for details.
• azure_event_hubs_receiver - Optional Block
Azure Event Hubs Configuration for Global Log Receiver
See Azure Event Hubs Receiver below for details.
• azure_receiver - Optional Block
Azure Blob Configuration for Global Log Receiver
See Azure Receiver below for details.
• datadog_receiver - Optional Block
Datadog Configuration. Configuration for Datadog endpoint
See Datadog Receiver below for details.
• gcp_bucket_receiver - Optional Block
GCP Bucket Configuration for Global Log Receiver
See GCP Bucket Receiver below for details.
• http_receiver - Optional Block
Configuration parameter for HTTP receiver
• kafka_receiver - Optional Block
Kafka Configuration for Global Log Receiver
• new_relic_receiver - Optional Block
Configuration parameter for new relic receiver
• qradar_receiver - Optional Block
Configuration parameter for qradar receiver
• s3_receiver - Optional Block
S3 Configuration for Global Log Receiver
• splunk_receiver - Optional Block
Configuration for Splunk HEC Logs endpoint
• sumo_logic_receiver - Optional Block
Configuration parameter for sumo logic receiver
-> One of the following:
• ns_all - Optional Block
Enable this option
• ns_current - Optional Block Defaults to map[]
Enable this option. Server applies default when omitted
• ns_list - Optional Block
Namespace List. Namespace List
• timeouts - Optional Block
Attributes Reference
Section titled “Attributes Reference”In addition to all arguments above, the following attributes are exported:
• id - Optional String
Unique identifier for the resource
AWS Cloud Watch Receiver
Section titled “AWS Cloud Watch Receiver”An aws_cloud_watch_receiver block supports the following:
• aws_cred - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See AWS Cred below.
• aws_region - Optional String
AWS Region. AWS Region Name
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• group_name - Optional String
The group name of the target Cloudwatch Logs stream
• stream_name - Optional String
The stream name of the target Cloudwatch Logs stream. Note that there can only be one writer to a log stream at a time
AWS Cloud Watch Receiver AWS Cred
Section titled “AWS Cloud Watch Receiver AWS Cred”An aws_cred block (within aws_cloud_watch_receiver) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
AWS Cloud Watch Receiver Batch
Section titled “AWS Cloud Watch Receiver Batch”A batch block (within aws_cloud_watch_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
AWS Cloud Watch Receiver Compression
Section titled “AWS Cloud Watch Receiver Compression”A compression block (within aws_cloud_watch_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
Azure Event Hubs Receiver
Section titled “Azure Event Hubs Receiver”An azure_event_hubs_receiver block supports the following:
• connection_string - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Connection String below.
• instance - Optional String
Event Hubs Instance name into which logs should be stored
• namespace - Optional String
Event Hubs Namespace is namespace with instance into which logs should be stored
Azure Event Hubs Receiver Connection String
Section titled “Azure Event Hubs Receiver Connection String”A connection_string block (within azure_event_hubs_receiver) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
Azure Event Hubs Receiver Connection String Blindfold Secret Info
Section titled “Azure Event Hubs Receiver Connection String Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Azure Event Hubs Receiver Connection String Clear Secret Info
Section titled “Azure Event Hubs Receiver Connection String Clear Secret Info”Deeply nested Info block collapsed for readability.
Azure Receiver
Section titled “Azure Receiver”An azure_receiver block supports the following:
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• connection_string - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Connection String below.
• container_name - Optional String
Container Name is the name of the container into which logs should be stored
• filename_options - Optional Block
Filename OPTIONS allow customization of filename and folder paths used by a destination endpoint bucket or file
See Filename Options below.
Azure Receiver Batch
Section titled “Azure Receiver Batch”A batch block (within azure_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
Azure Receiver Compression
Section titled “Azure Receiver Compression”A compression block (within azure_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
Azure Receiver Connection String
Section titled “Azure Receiver Connection String”A connection_string block (within azure_receiver) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
Azure Receiver Connection String Blindfold Secret Info
Section titled “Azure Receiver Connection String Blindfold Secret Info”A blindfold_secret_info block (within azure_receiver.connection_string) supports the following:
• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service
• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
Azure Receiver Connection String Clear Secret Info
Section titled “Azure Receiver Connection String Clear Secret Info”A clear_secret_info block (within azure_receiver.connection_string) supports the following:
• provider_ref - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
• url - Optional String
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded base64 format. When asked for this secret, caller will GET Secret bytes after base64 decoding
Azure Receiver Filename Options
Section titled “Azure Receiver Filename Options”A filename_options block (within azure_receiver) supports the following:
• custom_folder - Optional String
Use your own folder name as the name of the folder in the endpoint bucket or file The folder name must match
• log_type_folder - Optional Block
Configuration parameter for log type folder
• no_folder - Optional Block
Enable this option
Datadog Receiver
Section titled “Datadog Receiver”A datadog_receiver block supports the following:
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• datadog_api_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Datadog API Key below.
• endpoint - Optional String
Datadog Endpoint,
• no_tls - Optional Block
Enable this option
• site - Optional String
Datadog Site,
• use_tls - Optional Block
TLS Parameters for client connection to the endpoint
See Use TLS below.
Datadog Receiver Batch
Section titled “Datadog Receiver Batch”A batch block (within datadog_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
Datadog Receiver Compression
Section titled “Datadog Receiver Compression”A compression block (within datadog_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
Datadog Receiver Datadog API Key
Section titled “Datadog Receiver Datadog API Key”A datadog_api_key block (within datadog_receiver) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
Datadog Receiver Datadog API Key Blindfold Secret Info
Section titled “Datadog Receiver Datadog API Key Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Datadog Receiver Datadog API Key Clear Secret Info
Section titled “Datadog Receiver Datadog API Key Clear Secret Info”Deeply nested Info block collapsed for readability.
Datadog Receiver Use TLS
Section titled “Datadog Receiver Use TLS”An use_tls block (within datadog_receiver) supports the following:
• disable_verify_certificate - Optional Block
Configuration parameter for disable verify certificate
• disable_verify_hostname - Optional Block
Enable this option
• enable_verify_certificate - Optional Block
Configuration parameter for enable verify certificate
• enable_verify_hostname - Optional Block
Enable this option
• mtls_disabled - Optional Block
Enable this option
• mtls_enable - Optional Block
mTLS Client config allows configuration of mTLS client OPTIONS
See mTLS Enable below.
• no_ca - Optional Block
Enable this option
• trusted_ca_url - Optional String
The URL or value for trusted Server CA certificate or certificate chain Certificates in PEM format including the PEM headers
Datadog Receiver Use TLS mTLS Enable
Section titled “Datadog Receiver Use TLS mTLS Enable”A mtls_enable block (within datadog_receiver.use_tls) supports the following:
• certificate - Optional String
Client certificate is PEM-encoded certificate or certificate-chain
• key_url - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Key URL below.
Datadog Receiver Use TLS mTLS Enable Key URL
Section titled “Datadog Receiver Use TLS mTLS Enable Key URL”Deeply nested URL block collapsed for readability.
Datadog Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info
Section titled “Datadog Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Datadog Receiver Use TLS mTLS Enable Key URL Clear Secret Info
Section titled “Datadog Receiver Use TLS mTLS Enable Key URL Clear Secret Info”Deeply nested Info block collapsed for readability.
GCP Bucket Receiver
Section titled “GCP Bucket Receiver”A gcp_bucket_receiver block supports the following:
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• bucket - Optional String
GCP Bucket Name. GCP Bucket Name
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• filename_options - Optional Block
Filename OPTIONS allow customization of filename and folder paths used by a destination endpoint bucket or file
See Filename Options below.
• gcp_cred - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See GCP Cred below.
GCP Bucket Receiver Batch
Section titled “GCP Bucket Receiver Batch”A batch block (within gcp_bucket_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
GCP Bucket Receiver Compression
Section titled “GCP Bucket Receiver Compression”A compression block (within gcp_bucket_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
GCP Bucket Receiver Filename Options
Section titled “GCP Bucket Receiver Filename Options”A filename_options block (within gcp_bucket_receiver) supports the following:
• custom_folder - Optional String
Use your own folder name as the name of the folder in the endpoint bucket or file The folder name must match
• log_type_folder - Optional Block
Configuration parameter for log type folder
• no_folder - Optional Block
Enable this option
GCP Bucket Receiver GCP Cred
Section titled “GCP Bucket Receiver GCP Cred”A gcp_cred block (within gcp_bucket_receiver) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
HTTP Receiver
Section titled “HTTP Receiver”A http_receiver block supports the following:
• auth_basic - Optional Block
Authentication parameters to access HTPP Log Receiver Endpoint
See Auth Basic below.
• auth_none - Optional Block
Enable this option
• auth_token - Optional Block
Access Token. Authentication Token for access
See Auth Token below.
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• no_tls - Optional Block
Enable this option
• uri - Optional String
HTTP URI is the URI of the HTTP endpoint to send logs to,
• use_tls - Optional Block
TLS Parameters for client connection to the endpoint
See Use TLS below.
HTTP Receiver Auth Basic
Section titled “HTTP Receiver Auth Basic”An auth_basic block (within http_receiver) supports the following:
• password - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Password below.
• user_name - Optional String
username. HTTP Basic Auth username
HTTP Receiver Auth Basic Password
Section titled “HTTP Receiver Auth Basic Password”A password block (within http_receiver.auth_basic) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
HTTP Receiver Auth Basic Password Blindfold Secret Info
Section titled “HTTP Receiver Auth Basic Password Blindfold Secret Info”Deeply nested Info block collapsed for readability.
HTTP Receiver Auth Basic Password Clear Secret Info
Section titled “HTTP Receiver Auth Basic Password Clear Secret Info”Deeply nested Info block collapsed for readability.
HTTP Receiver Auth Token
Section titled “HTTP Receiver Auth Token”An auth_token block (within http_receiver) supports the following:
• token - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Token below.
HTTP Receiver Auth Token Token
Section titled “HTTP Receiver Auth Token Token”A token block (within http_receiver.auth_token) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
HTTP Receiver Auth Token Token Blindfold Secret Info
Section titled “HTTP Receiver Auth Token Token Blindfold Secret Info”Deeply nested Info block collapsed for readability.
HTTP Receiver Auth Token Token Clear Secret Info
Section titled “HTTP Receiver Auth Token Token Clear Secret Info”Deeply nested Info block collapsed for readability.
HTTP Receiver Batch
Section titled “HTTP Receiver Batch”A batch block (within http_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
HTTP Receiver Compression
Section titled “HTTP Receiver Compression”A compression block (within http_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
HTTP Receiver Use TLS
Section titled “HTTP Receiver Use TLS”An use_tls block (within http_receiver) supports the following:
• disable_verify_certificate - Optional Block
Configuration parameter for disable verify certificate
• disable_verify_hostname - Optional Block
Enable this option
• enable_verify_certificate - Optional Block
Configuration parameter for enable verify certificate
• enable_verify_hostname - Optional Block
Enable this option
• mtls_disabled - Optional Block
Enable this option
• mtls_enable - Optional Block
mTLS Client config allows configuration of mTLS client OPTIONS
See mTLS Enable below.
• no_ca - Optional Block
Enable this option
• trusted_ca_url - Optional String
The URL or value for trusted Server CA certificate or certificate chain Certificates in PEM format including the PEM headers
HTTP Receiver Use TLS mTLS Enable
Section titled “HTTP Receiver Use TLS mTLS Enable”A mtls_enable block (within http_receiver.use_tls) supports the following:
• certificate - Optional String
Client certificate is PEM-encoded certificate or certificate-chain
• key_url - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Key URL below.
HTTP Receiver Use TLS mTLS Enable Key URL
Section titled “HTTP Receiver Use TLS mTLS Enable Key URL”Deeply nested URL block collapsed for readability.
HTTP Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info
Section titled “HTTP Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info”Deeply nested Info block collapsed for readability.
HTTP Receiver Use TLS mTLS Enable Key URL Clear Secret Info
Section titled “HTTP Receiver Use TLS mTLS Enable Key URL Clear Secret Info”Deeply nested Info block collapsed for readability.
Kafka Receiver
Section titled “Kafka Receiver”A kafka_receiver block supports the following:
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• bootstrap_servers - Optional List
List of host:port pairs of the Kafka brokers
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• kafka_topic - Optional String
The Kafka topic name to write events to
• no_tls - Optional Block
Enable this option
• use_tls - Optional Block
TLS Parameters for client connection to the endpoint
See Use TLS below.
Kafka Receiver Batch
Section titled “Kafka Receiver Batch”A batch block (within kafka_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
Kafka Receiver Compression
Section titled “Kafka Receiver Compression”A compression block (within kafka_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
Kafka Receiver Use TLS
Section titled “Kafka Receiver Use TLS”An use_tls block (within kafka_receiver) supports the following:
• disable_verify_certificate - Optional Block
Configuration parameter for disable verify certificate
• disable_verify_hostname - Optional Block
Enable this option
• enable_verify_certificate - Optional Block
Configuration parameter for enable verify certificate
• enable_verify_hostname - Optional Block
Enable this option
• mtls_disabled - Optional Block
Enable this option
• mtls_enable - Optional Block
mTLS Client config allows configuration of mTLS client OPTIONS
See mTLS Enable below.
• no_ca - Optional Block
Enable this option
• trusted_ca_url - Optional String
The URL or value for trusted Server CA certificate or certificate chain Certificates in PEM format including the PEM headers
Kafka Receiver Use TLS mTLS Enable
Section titled “Kafka Receiver Use TLS mTLS Enable”A mtls_enable block (within kafka_receiver.use_tls) supports the following:
• certificate - Optional String
Client certificate is PEM-encoded certificate or certificate-chain
• key_url - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Key URL below.
Kafka Receiver Use TLS mTLS Enable Key URL
Section titled “Kafka Receiver Use TLS mTLS Enable Key URL”Deeply nested URL block collapsed for readability.
Kafka Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info
Section titled “Kafka Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Kafka Receiver Use TLS mTLS Enable Key URL Clear Secret Info
Section titled “Kafka Receiver Use TLS mTLS Enable Key URL Clear Secret Info”Deeply nested Info block collapsed for readability.
New Relic Receiver
Section titled “New Relic Receiver”A new_relic_receiver block supports the following:
• api_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See API Key below.
• eu - Optional Block
Enable this option
• us - Optional Block
Enable this option
New Relic Receiver API Key
Section titled “New Relic Receiver API Key”An api_key block (within new_relic_receiver) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
New Relic Receiver API Key Blindfold Secret Info
Section titled “New Relic Receiver API Key Blindfold Secret Info”Deeply nested Info block collapsed for readability.
New Relic Receiver API Key Clear Secret Info
Section titled “New Relic Receiver API Key Clear Secret Info”Deeply nested Info block collapsed for readability.
Ns List
Section titled “Ns List”A ns_list block supports the following:
• namespaces - Optional List
List of namespaces to stream logs for
Qradar Receiver
Section titled “Qradar Receiver”A qradar_receiver block supports the following:
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• no_tls - Optional Block
Enable this option
• uri - Optional String
Log Source Collector URL is the URL of the IBM QRadar Log Source Collector to send logs to,
• use_tls - Optional Block
TLS Parameters for client connection to the endpoint
See Use TLS below.
Qradar Receiver Batch
Section titled “Qradar Receiver Batch”A batch block (within qradar_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
Qradar Receiver Compression
Section titled “Qradar Receiver Compression”A compression block (within qradar_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
Qradar Receiver Use TLS
Section titled “Qradar Receiver Use TLS”An use_tls block (within qradar_receiver) supports the following:
• disable_verify_certificate - Optional Block
Configuration parameter for disable verify certificate
• disable_verify_hostname - Optional Block
Enable this option
• enable_verify_certificate - Optional Block
Configuration parameter for enable verify certificate
• enable_verify_hostname - Optional Block
Enable this option
• mtls_disabled - Optional Block
Enable this option
• mtls_enable - Optional Block
mTLS Client config allows configuration of mTLS client OPTIONS
See mTLS Enable below.
• no_ca - Optional Block
Enable this option
• trusted_ca_url - Optional String
The URL or value for trusted Server CA certificate or certificate chain Certificates in PEM format including the PEM headers
Qradar Receiver Use TLS mTLS Enable
Section titled “Qradar Receiver Use TLS mTLS Enable”A mtls_enable block (within qradar_receiver.use_tls) supports the following:
• certificate - Optional String
Client certificate is PEM-encoded certificate or certificate-chain
• key_url - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Key URL below.
Qradar Receiver Use TLS mTLS Enable Key URL
Section titled “Qradar Receiver Use TLS mTLS Enable Key URL”Deeply nested URL block collapsed for readability.
Qradar Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info
Section titled “Qradar Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Qradar Receiver Use TLS mTLS Enable Key URL Clear Secret Info
Section titled “Qradar Receiver Use TLS mTLS Enable Key URL Clear Secret Info”Deeply nested Info block collapsed for readability.
S3 Receiver
Section titled “S3 Receiver”A s3_receiver block supports the following:
• aws_cred - Optional Block
Type establishes a direct reference from one object(the referrer) to another(the referred). Such a reference is in form of tenant/namespace/name
See AWS Cred below.
• aws_region - Optional String
AWS Region. AWS Region Name
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• bucket - Optional String
S3 Bucket Name. S3 Bucket Name
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• filename_options - Optional Block
Filename OPTIONS allow customization of filename and folder paths used by a destination endpoint bucket or file
See Filename Options below.
S3 Receiver AWS Cred
Section titled “S3 Receiver AWS Cred”An aws_cred block (within s3_receiver) supports the following:
• name - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name
• namespace - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace
• tenant - Optional String
When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant
S3 Receiver Batch
Section titled “S3 Receiver Batch”A batch block (within s3_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
S3 Receiver Compression
Section titled “S3 Receiver Compression”A compression block (within s3_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
S3 Receiver Filename Options
Section titled “S3 Receiver Filename Options”A filename_options block (within s3_receiver) supports the following:
• custom_folder - Optional String
Use your own folder name as the name of the folder in the endpoint bucket or file The folder name must match
• log_type_folder - Optional Block
Configuration parameter for log type folder
• no_folder - Optional Block
Enable this option
Splunk Receiver
Section titled “Splunk Receiver”A splunk_receiver block supports the following:
• batch - Optional Block
Batch OPTIONS allow tuning for how batches of logs are sent to an endpoint
See Batch below.
• compression - Optional Block
Configuration parameter for compression
See Compression below.
• endpoint - Optional String
Splunk HEC Logs Endpoint. Splunk HEC Logs Endpoint, (Note: must not contain /services/collector)
• no_tls - Optional Block
Enable this option
• splunk_hec_token - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Splunk Hec Token below.
• use_tls - Optional Block
TLS Parameters for client connection to the endpoint
See Use TLS below.
Splunk Receiver Batch
Section titled “Splunk Receiver Batch”A batch block (within splunk_receiver) supports the following:
• max_bytes - Optional Number
Send batch to endpoint after the batch is equal to or larger than this many bytes
• max_bytes_disabled - Optional Block
Enable this option
• max_events - Optional Number
Send batch to endpoint after this many log messages are in the batch
• max_events_disabled - Optional Block
Enable this option
• timeout_seconds - Optional String
Send batch to the endpoint after this many seconds
• timeout_seconds_default - Optional Block
Enable this option
Splunk Receiver Compression
Section titled “Splunk Receiver Compression”A compression block (within splunk_receiver) supports the following:
• compression_default - Optional Block
Configuration parameter for compression default
• compression_gzip - Optional Block
Enable this option
• compression_none - Optional Block
Configuration parameter for compression none
Splunk Receiver Splunk Hec Token
Section titled “Splunk Receiver Splunk Hec Token”A splunk_hec_token block (within splunk_receiver) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
Splunk Receiver Splunk Hec Token Blindfold Secret Info
Section titled “Splunk Receiver Splunk Hec Token Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Splunk Receiver Splunk Hec Token Clear Secret Info
Section titled “Splunk Receiver Splunk Hec Token Clear Secret Info”Deeply nested Info block collapsed for readability.
Splunk Receiver Use TLS
Section titled “Splunk Receiver Use TLS”An use_tls block (within splunk_receiver) supports the following:
• disable_verify_certificate - Optional Block
Configuration parameter for disable verify certificate
• disable_verify_hostname - Optional Block
Enable this option
• enable_verify_certificate - Optional Block
Configuration parameter for enable verify certificate
• enable_verify_hostname - Optional Block
Enable this option
• mtls_disabled - Optional Block
Enable this option
• mtls_enable - Optional Block
mTLS Client config allows configuration of mTLS client OPTIONS
See mTLS Enable below.
• no_ca - Optional Block
Enable this option
• trusted_ca_url - Optional String
The URL or value for trusted Server CA certificate or certificate chain Certificates in PEM format including the PEM headers
Splunk Receiver Use TLS mTLS Enable
Section titled “Splunk Receiver Use TLS mTLS Enable”A mtls_enable block (within splunk_receiver.use_tls) supports the following:
• certificate - Optional String
Client certificate is PEM-encoded certificate or certificate-chain
• key_url - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Key URL below.
Splunk Receiver Use TLS mTLS Enable Key URL
Section titled “Splunk Receiver Use TLS mTLS Enable Key URL”Deeply nested URL block collapsed for readability.
Splunk Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info
Section titled “Splunk Receiver Use TLS mTLS Enable Key URL Blindfold Secret Info”Deeply nested Info block collapsed for readability.
Splunk Receiver Use TLS mTLS Enable Key URL Clear Secret Info
Section titled “Splunk Receiver Use TLS mTLS Enable Key URL Clear Secret Info”Deeply nested Info block collapsed for readability.
Sumo Logic Receiver
Section titled “Sumo Logic Receiver”A sumo_logic_receiver block supports the following:
• url - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See URL below.
Sumo Logic Receiver URL
Section titled “Sumo Logic Receiver URL”An url block (within sumo_logic_receiver) supports the following:
• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.
• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.
Sumo Logic Receiver URL Blindfold Secret Info
Section titled “Sumo Logic Receiver URL Blindfold Secret Info”A blindfold_secret_info block (within sumo_logic_receiver.url) supports the following:
• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service
• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location
• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
Sumo Logic Receiver URL Clear Secret Info
Section titled “Sumo Logic Receiver URL Clear Secret Info”A clear_secret_info block (within sumo_logic_receiver.url) supports the following:
• provider_ref - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///
• url - Optional String
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded base64 format. When asked for this secret, caller will GET Secret bytes after base64 decoding
Timeouts
Section titled “Timeouts”A timeouts block supports the following:
• create - Optional String (Defaults to 10 minutes)
Used when creating the resource
• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource
• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource
• update - Optional String (Defaults to 10 minutes)
Used when updating the resource
Common Types
Section titled “Common Types”The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.
Object Reference {#common-object-reference}
Section titled “Object Reference {#common-object-reference}”Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.
| Field | Type | Description |
|---|---|---|
name | String | Name of the referenced object |
namespace | String | Namespace containing the referenced object |
tenant | String | Tenant of the referenced object (system-managed) |
Transformers {#common-transformers}
Section titled “Transformers {#common-transformers}”Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.
| Value | Description |
|---|---|
LOWER_CASE | Convert to lowercase |
UPPER_CASE | Convert to uppercase |
BASE64_DECODE | Decodebase64 content |
NORMALIZE_PATH | Normalize URL path |
REMOVE_WHITESPACE | Remove whitespace characters |
URL_DECODE | Decode URL-encoded characters |
TRIM_LEFT | Trim leading whitespace |
TRIM_RIGHT | Trim trailing whitespace |
TRIM | Trim both leading and trailing whitespace |
HTTP Methods {#common-http-methods}
Section titled “HTTP Methods {#common-http-methods}”HTTP methods used for request matching.
| Value | Description |
|---|---|
ANY | Match any HTTP method |
GET | HTTP GET request |
HEAD | HTTP HEAD request |
POST | HTTP POST request |
PUT | HTTP PUT request |
DELETE | HTTP DELETE request |
CONNECT | HTTP CONNECT request |
OPTIONS | HTTP OPTIONS request |
TRACE | HTTP TRACE request |
PATCH | HTTP PATCH request |
COPY | HTTP COPY request (WebDAV) |
TLS Fingerprints {#common-tls-fingerprints}
Section titled “TLS Fingerprints {#common-tls-fingerprints}”TLS fingerprint categories for malicious client detection.
| Value | Description |
|---|---|
TLS_FINGERPRINT_NONE | No fingerprint matching |
ANY_MALICIOUS_FINGERPRINT | Match any known malicious fingerprint |
ADWARE | Adware-associated fingerprints |
DRIDEX | Dridex malware fingerprints |
GOOTKIT | Gootkit malware fingerprints |
RANSOMWARE | Ransomware-associated fingerprints |
TRICKBOT | Trickbot malware fingerprints |
IP Threat Categories {#common-ip-threat-categories}
Section titled “IP Threat Categories {#common-ip-threat-categories}”IP address threat categories for security filtering.
| Value | Description |
|---|---|
SPAM_SOURCES | Known spam sources |
WINDOWS_EXPLOITS | Windows exploit sources |
WEB_ATTACKS | Web attack sources |
BOTNETS | Known botnet IPs |
SCANNERS | Network scanner IPs |
REPUTATION | Poor reputation IPs |
PHISHING | Phishing-related IPs |
PROXY | Anonymous proxy IPs |
MOBILE_THREATS | Mobile threat sources |
TOR_PROXY | Tor exit nodes |
DENIAL_OF_SERVICE | DoS attack sources |
NETWORK | Known bad network ranges |
Import
Section titled “Import”Import is supported using the following syntax:
# Import using namespace/name formatterraform import f5xc_global_log_receiver.example system/example