Anyone have a list of prefixes that are used for Source / Destination objects?

Brandon McCombs

Sup everybody! Long time searcher, first time caller. I'm a bit of a nerd and I'm wondering if anyone has a list of prefixes that are used for Source / Destination objects? (As seen in such places as `__inputId` or in the Pipeline/Output column in the UI) I've seen such hits as `cribl:, s3:, collection:, kafka:, etc.` , but couldn't find these prefixes directly referenced in the docs. Admittedly, they're rather obvious (kudos Cribl) but having a list would be sweet. Thx!

Brandon McCombs

Afterthought: I would settle for the non-painfully-obvious ones. `collection` was the one that prompted this question.

Brendan Dalpe

Should be listed on sources and destinations in the docs for those that are supported/generated: https://docs.cribl.io/stream/sources-syslog#internal-fields

Brendan Dalpe

`collection` is an odd one because it's specific to the collector sources and varies between each collector type.

Brandon McCombs

Hm. I will certainly now keep an eye out for that section as I'm sure those internal fields will come in handy. However, I only see the field, `__inputId` for example, but not what to expect for the value in these cases.

Anson VanDoren

those identifiers are most for internal use to map schema/config on disk to the backing class that does the processing, and hence subject to change, but a current list for sources/destinations looks something like ```Outputs: 'default' 'router' 'tcpjson' 'splunk' 'splunk_lb' 'splunk_hec' 'syslog' 'filesystem' 's3' 'azure_blob' 'azure_logs' 'kafka' 'confluent_cloud' 'kinesis' 'elastic' 'honeycomb' 'newrelic' 'newrelic_events' 'snmp' 'influxdb' 'minio' 'devnull' 'cloudwatch' 'azure_eventhub' 'statsd' 'statsd_ext' 'graphite' 'wavefront' 'signalfx' 'sqs' 'google_cloud_storage' 'sumo_logic' 'datadog' 'webhook' 'prometheus' 'google_pubsub' 'google_chronicle' 'grafana_cloud' 'loki' 'open_telemetry' 'dataset' 'ring' 'humio_hec' 'cribl_http' 'cribl_tcp' 'google_cloud_logging' Inputs: 'splunk' 'splunk_hec' 'syslog' 'tcpjson' 'grafana' 'loki' 'http' 'http_raw' 'firehose' 'elastic' 'kafka' 'confluent_cloud' 'kinesis' 'eventhub' 'azure_blob' 'metrics' 'sqs' 's3' 'snmp' 'crowdstrike' 'tcp' 'office365_service' 'office365_mgmt' 'office365_msg_trace' 'prometheus' 'prometheus_rw' 'appscope' 'google_pubsub' 'open_telemetry' 'datadog_agent' 'wef' 'datagen' 'cribl' 'criblmetrics' 'cribl_http' 'cribl_tcp' 'win_event_logs' 'system_metrics' 'windows_metrics' 'system_state' 'kube_metrics' 'kube_logs' 'exec' 'splunk_search' 'file'``` As you said, mostly self-explanatory other than `collection`, but there it is

Brandon McCombs

Excellent, <@U02AML9NL2C&gt;! Thank you!