Creating an event router
An event router is a service that allows you to receive streams of events from collectors and correlators and then distribute the events to specified destinations in accordance with the configured filters.
To have events from the collector sent to the event router, you must create an 'eventRouter' destination resource with the address of the event router and link the resource to the collectors that you want to send events to the event router.
The event router receives events on the API port, just like 'storage' and 'correlator' destinations.
You can create a router in the Resources section. Routing in accordance with the specified filters is performed as follows. For example, if a DeviceCustomString = correlator filter is specified in the event router on the Advanced settings tab, events are sent to the correlator; if a DeviceCustomString = storage filter is specified, events are sent to the storage.
Using an event router lets you reduce the utilization of links, which is important for low-bandwidth and busy links.
Possible use cases:
Collector — Router in the data center
The event router must be installed on a Linux device. Only a user with the General Administrator role can create the service. You can create a service in any tenant; the tenant relation does not impose any restrictions.
You can use the following metrics to get information about the service performance:
- IO
- Process
- OS
As with other resources, the following audit events are generated for the event router in KUMA:
- Resource was successfully added
- Resource was successfully updated
- Resource was successfully deleted
Installing an event router involves two steps:
- Create the event router service in the KUMA web interface using the Installation Wizard.
- Install the event router service on the server.
