title: SumoLogic order: 20 backends: - sumologic # Sumulogic mapping depends on customer configuration. Adapt to your context! # typically rule on _sourceCategory, _index or Field Extraction Rules (FER) # supposing existing FER for service, EventChannel, EventID logsources: unix: product: unix index: UNIX linux: product: linux index: LINUX linux-sshd: product: linux service: sshd index: LINUX linux-auth: product: linux service: auth index: LINUX linux-clamav: product: linux service: clamav index: LINUX windows: product: windows index: WINDOWS windows-sysmon: product: windows service: sysmon conditions: EventChannel: Microsoft-Windows-Sysmon index: WINDOWS windows-security: product: windows service: security conditions: EventChannel: Security index: WINDOWS windows-powershell: product: windows service: powershell conditions: EventChannel: Microsoft-Windows-Powershell index: WINDOWS windows-system: product: windows service: system conditions: EventChannel: System index: WINDOWS windows-dhcp: product: windows service: dhcp conditions: EventChannel: Microsoft-Windows-DHCP-Server index: WINDOWS windows-ntlm: product: windows service: ntlm conditions: EventChannel: 'Microsoft-Windows-NTLM/Operational' apache: product: apache service: apache index: WEBSERVER apache2: product: apache index: WEBSERVER webserver: category: webserver index: WEBSERVER firewall: category: firewall index: FIREWALL firewall2: product: firewall index: FIREWALL network-dns: category: dns index: DNS network-dns2: product: dns index: DNS proxy: category: proxy index: PROXY antivirus: product: antivirus index: ANTIVIRUS application-sql: product: sql index: DATABASE application-python: product: python index: APPLICATIONS application-django: product: django index: DJANGO application-rails: product: rails index: RAILS application-spring: product: spring index: SPRING # if no index, search in all indexes