September 7, 2021
Devo is a cloud-based multi-tenant centralized log management solution designed for today’s massive scale and performance requirements. It is just one of the many analytics solutions that Cribl Stream can easily route data to. This blog will cover integrating Devo as a Destination for Stream data using Palo Alto Networks Firewall events as an example.
To send data to Devo via HTTP, we will need to generate a token.
Using the token created in the previous step, we will configure a Stream Webhook Destination.
The URL to send the HTTP request uses the following format:
Here are the URL’s components:
<endpoint> – We will be using the URL for the U.S. region endpoint. The URL should look something like this:
<mode> – We are going to be sending multiple events, so we will use stream.
<domain>–- This is the Devo domain we are sending events to.
<token> – The token we created in the previous step.
<tag> – The Devo tag to apply to the events. In this case, I am sending Palo Alto Traffic data, so I will be setting the tag to
firewall.paloalto.traffic. (About Devo tags)
Then set the Method to POST and click Save.
Now that we have configured the Webhook Destination for Devo, let’s set up a Route within Stream to send some data to that Destination.
In this example, I will be sending some firewall logs that I have previously configured as a source in Stream. I am also going to use the Palo_Alto_traffic Pipeline that comes out of the box with Stream.
Once saved, you should start to see events flow.
Now that we have configured Stream to send events to Devo, we can search for them using the same tag we used when sending the data firewall:
Go to Data Search and use the Finder to select
The fastest way to get started with Cribl Stream is to sign-up at Cribl.Cloud. You can process up to 1 TB of throughput per day at no cost. Sign-up and start using Stream within a few minutes.