Versions Compared

Version Old Version 13 New Version 14
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleVerify data collection

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component

Description

Setup

The setup module is in charge of authenticating the service and managing the token expiration when needed.

Puller

The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

Code Block
languagejson
INFO InputProcess::GSuiteAlertsPullerSetup(gsuite_collector,gsuite_alerts#1234,activity_rule#predefined) -> Path for credentials file has been transformed to absolute: "token.pickle" -> "/../devo-collector-gsuite-google-workspace-alerts/credentials/token.pickle"
INFO InputProcess::GSuiteAlertsPullerSetup(gsuite_collector,gsuite_alerts#1234,activity_rule#predefined) -> File "/../devo-collector-gsuite-google-workspace-alerts/credentials/token.pickle" has been created from base64 content
INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> PrePull method started

Puller output

A successful initial run has the following output messages for the puller module:

Info

Note that the PrePull action is executed only one time before the first run of the Pull action.

Code Block
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> PrePull method started
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> Retrieving persisted data
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> No persisted data found. The content will be initialized.
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> The <initial_start_time> did not change, so the persistence will not be reset
WARNING InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> The persistence changed and it will be updated. Current -> None | New -> {'initial_start_time': '2022-05-26T00:00:00.000Z', 'last_alert_timestamp': '2022-05-26T00:00:00.000Z', 'last_alert_ids': []} 
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> PrePull method completed
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> Starting data collection every 60 seconds
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> Unpacking messages to start the delivery
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> Made 1 request(s), received 24 message(s), filtered 0 message(s), delivered 24 message(s), tag used: "cloud.gsuite.alerts.activity_rule.1.unknown". avg_time_per_source_message: 61.463 ms
   INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> Data collection completed. Elapsed time: 1.480 seconds. Waiting for 58.520 second(s) until the next one

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

Code Block
INFO InputProcess::GSuiteAlertsPuller(gsuite_alerts,1234,activity_rule,predefined) -> Made 1 request(s), received 24 message(s), filtered 0 message(s), delivered 24 message(s), tag used: "cloud.gsuite.alerts.activity_rule.1.unknown". avg_time_per_source_message: 61.463 ms
Info

The value @devo_pulling_id is injected in each event to group all events ingested by the same pull action. You can use it to get the exact events downloaded in that Pull action in Devo’s search window.

...