Creating data collectors

Before you create a data collector, you need to understand the kind of data that you want to collect and collate all the inputs required for creating the particular data collector type.

The following table lists data collectors categorized by the data source and based on whether the data collector is meant for local or remote data collection. For example, if you want to collect data from files and directories locally, you need to create the Monitor file on Collection Agent type of data collector.


After the data collector is created, it might take some time (approximately 1 minute) for the first poll to happen. The first poll is used to make the data collector ready for data collection. The data is fetched only from the second poll.

Expected time delay (to see the first set of data for a search) = (Time for first poll) + (Poll interval set for the data collector).

Data collectors in the following table contain links to topics that describe the process of creating the particular data collector type.

Data sourceLocal / remote?Data collector
Files and directoriesLocal

Monitor file on Collection Agent

RemoteMonitor File over SSH
RemoteMonitor over Windows Share
RemoteUpload file
Script outputsLocal

Monitor Script Output on Collection Agent

RemoteMonitor script output over SSH
Windows eventsRemoteMonitor Remote Windows Events
LocalMonitor Local Windows Events
Events from external systemsRemote

Monitor using External Configuration

Data receiversRemote

Receive over TCP/UDP

RemoteReceive over HTTP/HTTPS
