diff --git a/doc/dataingestion.md b/doc/dataingestion.md index c2e2cd4399db6341765668bf980c10550bb1b4e9..1ed28e00294f1859c9500a1d317bc43a7cc1f024 100644 --- a/doc/dataingestion.md +++ b/doc/dataingestion.md @@ -1,6 +1,6 @@ # Data ingestion -SOCTools monitors itself which means that there is already support for receiving and parsing the following data: +SOCTools monitors itself which means that there is already support for receiving and parsing the data from the following systems: * Misp * Haproxy * Kibana @@ -14,7 +14,7 @@ In addtion there is also support for: * Suricata EVE logs * Zeek logs -Additional logs can be sent to the SOCTools server on port 6000 using Filebeat. The typical configuration is: +Additional logs of this type can be sent to the SOCTools server on port 6000 using Filebeat. The typical configuration is: ``` filebeat.inputs: @@ -30,7 +30,7 @@ output.logstash: loadbalance: true ``` -The extra filed log_type tells Nifi how it should route the data to the correct parser. The following values are currently supported: +The extra field log_type tells Nifi how it should route the data to the correct parser. The following values are currently supported: * elasticsearch * haproxy * keycloak @@ -68,4 +68,4 @@ Assume you have the following log data: } ``` -You want to enrich the client IP so you set the attribute enrich_ip1 to the value "/client/ip". To see more example and to see how logs are parsed, take a look at the process group "Data processing"->"Data input"->"SOCTools" in the NiFi GUI. +You want to enrich the client IP so you set the attribute enrich_ip1 to the value "/client/ip". To see more examples and to see how logs are parsed, take a look at the process group "Data processing"->"Data input"->"SOCTools" in the NiFi GUI.
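Review bot: In the first hunk (@@ -1,6 +1,6 @@), the reworded sentence still lacks the comma before "which means", and the list items in the context lines below it ("Misp", "Haproxy") do not use the products' own capitalisation. Since this patch is a wording cleanup, suggest "SOCTools monitors itself, which means that ..." and "MISP" / "HAProxy" in the list.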
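Review bot: In the second hunk (@@ -14,7 +14,7 @@), "of this type" on the added line has no clear antecedent: the list just above it names two formats (Suricata EVE logs and Zeek logs), so a reader cannot tell whether the sentence is limited to those two or covers every supported log_type value. Suggest "Additional logs of these types" or naming the formats explicitly. The hunk header also shows "In addtion" still misspelled a few lines up, which is worth fixing in the same patch.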
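Review bot: In the third hunk (@@ -30,7 +30,7 @@), the added line fixes "filed" but keeps the spelling "Nifi", while the last hunk of this same file writes "NiFi GUI"; pick one spelling (the project name is Apache NiFi) and use it throughout the document. log_type is a configuration key, so formatting it as inline code would also make it clear that the key and its values must be typed exactly as listed.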