Creating data collectors
Before you create a data collector, you need to understand the kind of data that you want to collect and collate all the inputs required for creating the particular data collector type.
The following table lists data collectors categorized by the data source and based on whether the data collector is meant for local or remote data collection. For example, if you want to collect data from files and directories locally, you need to create the Monitor file on Collection Agent type of data collector.
After the data collector is created, it might take some time (approximately 1 minute) for the first poll to happen. The first poll is used to make the data collector ready for data collection. The data is fetched only from the second poll.
Expected time delay (to see the first set of data for a search) = (Time for first poll) + (Poll interval set for the data collector).
Data collectors in the following table contain links to topics that describe the process of creating the particular data collector type.
|Data source||Local / remote?||Data collector|
|Files and directories||Local|
|Remote||Monitor File over SSH|
|Monitor over Windows Share|
|Remote||Monitor script output over SSH|
|Windows events||Remote||Monitor Remote Windows Events|
|Local||Monitor Local Windows Events|
|Events from external systems||Remote|
|Remote||Receive over HTTP/HTTPS|