Learn more about collecting Google Kubernetes Engine logs and data using a custom collector (standard data source) and content pack integration in Cortex XDR.
Note
It's also possible to use a Custom - Filebeat based Collector to ingest logs related to file activity on your endpoints and servers without using the Cortex XDR agent. For more information, see Elasticsearch Filebeat.
You can configure collection of Google Kubernetes Engine logs and data using either a Custom - Filebeat based Collector (standard data source) or a content pack integration:
| Google Kubernetes Engine (GKE) vendor | Description |
|---|---|
| Custom - Filebeat based Collector overview (standard data source) | Forward container logs from Google Kubernetes Engine using Elasticsearch Filebeat to Cortex XDR using the Custom - Filebeat based Collector data source. |
| Link to custom collector (standard data source) instructions | |
| Links to content pack/integration instructions | The Google Kubernetes Engine content pack builds and manages container-based applications in Google Cloud Platform (GCP), powered by the open source Kubernetes technology. It contains the Google Kubernetes Engine Operations Generic Polling playbook as well as the following integration: |