Targets: Management

The Targets web interface provides comprehensive management for output destinations where processed telemetry data is forwarded.

Access

Navigate to Home > Fleet Management > Targets, or use the hamburger menu and select Fleet Management > Targets.

Overview

The Targets dashboard is where you manage all output destinations for DataStream. Targets are data senders that forward processed telemetry to external systems and convert from standardized pipeline output to destination-specific formats.

Dashboard Interface

The overview page displays all available target types as cards organized by category.

Search and Filter:

• Search targets - Filter target types by name in the search field
• Card count display shows "Viewing X targets" or "No targets found"

Target Cards:

Each target type displays as a card showing:

• Icon - Visual identifier for the target type
• Title - Target type name
• Description - Brief explanation of target purpose
• Enabled Count - Number of active instances
• Disabled Count - Number of inactive instances

Clicking a target card navigates to that target type's management page.

List View

Clicking a target card opens the target list view showing all instances of that target type.

Table

The table displays Name, Description, Postprocessing Pipeline, Status (Enabled/Disabled), and an Actions menu (⋮) for each target.

Table Controls

Filter targets using Search targets (by name) and Status dropdown (All, Enabled, Disabled). The Refresh button reloads table data. Click Create target to launch the creation wizard.

Actions

Each target row provides an Actions menu (⋮) with the following operations:

View Details:

• See details - Navigate to target detail view

Status Management:

• Enable Target - Activate disabled target
• Disable Target - Deactivate enabled target

Configuration:

• Clone Target - Duplicate target configuration for quick setup

Deletion:

• Delete Target - Remove target from platform

Create Wizard

The target creation process uses a multi-step wizard with target-specific configuration.

Target wizards have different numbers of steps (3 or 4) depending on the target type. Each step is labeled with its specific name rather than a generic step number.

General Settings

Applies to: All targets (AWSS3, AzureBlobStorage, AzureDataExplorer, AzureEventHubs, CloudflareR2, Console, Elasticsearch, File, IbmCos, MicrosoftSentinel, MicrosoftSentinelDataLake, Minio, Splunk)

• Name - Unique target identifier
• Target Status - Enable or disable target
• Post-processing Pipeline - Optional pipeline for output normalization

Azure Properties

Applies to: AzureBlobStorage, AzureDataExplorer, AzureEventHubs, MicrosoftSentinel, MicrosoftSentinelDataLake

Azure-specific configuration including authentication and resource identification:

• Authentication - Managed Identities, Service Principal, or Connection String
• Tenant ID / Client ID / Client Secret - Service Principal credentials
• Workspace/Subscription - Azure resource identification
• Resource Group - Azure resource grouping
• Container / Database / Namespace - Target-specific resource names

File Properties

Applies to: AWSS3, AzureBlobStorage, CloudflareR2, File, IbmCos, Minio

File output configuration including format and compression:

• File Name - Output file naming pattern with template support
• File Format - Output format (JSON, Parquet, Avro, etc.)
• Compression - Optional data compression (zstd, gzip, etc.)
• Schema - Schema definition for structured formats

S3/Cloud Storage Properties

Applies to: AWSS3, CloudflareR2, IbmCos, Minio

S3-compatible cloud storage configuration:

• Endpoint - Storage service endpoint URL
• Access Key ID - Storage access credentials
• Secret Access Key - Storage secret credentials
• Bucket - Target storage bucket name
• Region - Storage region (where applicable)

Advanced Configuration

Applies to: AzureEventHubs

Advanced Event Hubs-specific settings including retry logic and performance tuning:

• Max Retry - Maximum number of retry attempts
• Retry Interval - Delay between retry attempts
• Timeout - Connection timeout settings
• Batch Configuration - Batching and performance options

Console Properties

Applies to: Console

Console output format configuration for debugging and testing:

• Output Format - Display format for console output
• Pretty Print - Formatted JSON output option

Authentication

Applies to: Elasticsearch, Splunk

Authentication credentials and endpoint configuration:

• Endpoints - Destination URLs or addresses
• Username / Password - Basic authentication credentials
• API Keys / Tokens - Token-based authentication
• TLS Configuration - Certificate and encryption settings

Elasticsearch Properties

Applies to: Elasticsearch

Elasticsearch-specific index and document configuration:

• Index Name - Target index or index pattern
• Document Type - Document type for older Elasticsearch versions
• Pipeline - Ingest pipeline for preprocessing
• Bulk Configuration - Batch size and flush settings

Stream Properties

Applies to: MicrosoftSentinel, MicrosoftSentinelDataLake

Microsoft Sentinel stream and DCR configuration:

• Stream Name - Custom stream name
• Table Name - Target table in Log Analytics workspace
• Rule ID - Data Collection Rule (DCR) identifier
• Endpoint - DCR endpoint URL

Splunk HEC Properties

Applies to: Splunk

Splunk HTTP Event Collector configuration:

• Index - Target Splunk index
• Source Type - Event source type classification
• HEC Token - HTTP Event Collector authentication token
• Channel - HEC channel identifier

Execution Settings

Applies to: All targets (AWSS3, AzureBlobStorage, AzureDataExplorer, AzureEventHubs, CloudflareR2, Console, Elasticsearch, File, IbmCos, MicrosoftSentinel, MicrosoftSentinelDataLake, Minio, Splunk)

This step configures target execution scheduling and debugging options.

Scheduling:

Enable scheduling to run the target at specific times rather than continuous processing.

Scheduling Toggle:

• Enable Scheduling - Toggle to activate scheduled execution
• When disabled, target processes data continuously as it arrives
• When enabled, target accumulates data and processes on schedule

Scheduling Method Selection:

Choose between two scheduling approaches using radio tiles:

Cron-Based Scheduling:

• Time-based scheduling using cron expressions
• Suitable for specific time-of-day execution
• Pattern dropdown with predefined options

Interval-Based Scheduling:

• Fixed interval execution
• Suitable for regular periodic processing
• Interval dropdown with predefined options

Cron-Based Configuration:

When Cron-based is selected:

1. Select Pattern Dropdown - Choose from predefined cron patterns:

   • Every minute (* * * * *)
   • Every 5 minutes (*/5 * * * *)
   • Every 10 minutes (*/10 * * * *)
   • Every 30 minutes (*/30 * * * *)
   • Every hour (0 * * * *)
   • Every 2 hours (0 */2 * * *)
   • Every 6 hours (0 */6 * * *)
   • Daily at midnight (0 0 * * *)
   • Daily at noon (0 12 * * *)
   • Weekly (Monday) (0 0 * * 1)
   • Monthly (1st) (0 0 1 * *)
   • Weekdays only (0 0 * * 1-5)
   • Weekends only (0 0 * * 6,0)
   • Custom - Enter custom cron expression

2. Custom Cron Expression:

   • Info alert explains cron format and usage
   • Input field for custom cron expression
   • Test Expression Button - Validate and interpret cron pattern
   • Result display shows human-readable interpretation
   • Example: 0 */3 * * * displays as "Every 3 hours"
   • Link to Cron documentation chapter for detailed format reference

Interval-Based Configuration:

When Interval-based is selected:

1. Select Interval Dropdown - Choose from predefined intervals:

   • 30 seconds (30s)
   • 1 minute (1m)
   • 5 minutes (5m)
   • 10 minutes (10m)
   • 15 minutes (15m)
   • 30 minutes (30m)
   • 1 hour (1h)
   • 2 hours (2h)
   • 6 hours (6h)
   • 12 hours (12h)
   • 24 hours (24h)
   • Custom - Enter custom interval

2. Custom Interval:

   • Info alert explains interval format
   • Input field for custom interval value
   • Format specification:
     • Numbers without suffix interpreted as seconds
     • Supported suffixes: s (seconds), m (minutes), h (hours)
     • Examples: 90s, 5m, 2h, 120 (interpreted as 120 seconds)
   • Helper text shows format requirements
   • Link to documentation for detailed interval format reference

Debugging:

Configure debugging options for target troubleshooting.

Enable Debugging Toggle:

• Activates debug logging for the target
• Logs each event before sending to destination
• Provides visibility into data flow and transformations

When Debugging is Enabled:

Don't Send Debug Logs Toggle:

• Prevents actual data transmission to target
• Events are logged but not sent to destination
• Useful for testing configurations without affecting production systems
• Allows validation of data format and transformation logic

Navigation

Progress Indicator:

• Visual step progress at top of wizard
• Click steps to navigate (after validation)
• Current step highlighted
• Completed steps marked with checkmark

Navigation Buttons:

• Cancel - Exit wizard without creating target
• Back - Return to previous step
• Next - Advance to next step with validation
• Create target - Finalize target creation (final step)

Detail View

Clicking a target from the list opens the detailed management interface with tabbed panels.

Tabs

Tab structure varies by target type:

General Settings Tab:

• Name - Editable target name
• Description - Editable target description
• Status - Current operational state
• Edit Mode - Click edit to modify general settings

Target-Specific Configuration Tabs:

Configuration tabs vary by target type:

Azure Targets:

• Azure Properties - Authentication, workspace, subscription details
• Stream Properties - Stream configuration, DCR settings (Sentinel targets)

Analytics Targets:

• Authentication - Credentials and authentication methods
• Properties - Endpoint configuration, index settings

Storage Targets:

• File Properties - Path, format, compression settings
• Azure Properties - Cloud-specific configuration (Azure storage targets)

Execution Settings Tab:

Displays and allows editing of scheduling and debugging configuration:

Scheduling Section:

• Current scheduling status (Enabled/Disabled)
• Scheduling method (Cron or Interval)
• Current schedule pattern or interval
• Edit mode allows modification of all scheduling settings

Debugging Section:

• Debug logging status (Enabled/Disabled)
• Don't send logs status (Enabled/Disabled when debugging active)
• Edit mode allows modification of debug settings

Actions

Each target detail view provides an Actions menu with the following operations:

View and Configuration:

• See details - Current view (disabled in dropdown)

Status Management:

• Enable Target - Activate disabled target
• Disable Target - Deactivate enabled target

Advanced Operations:

• Clone Target - Duplicate configuration for new target
• Delete Target - Remove target from platform

Operations

Enable / Disable

To change target status:

1. Navigate to target detail view or use the Actions menu from list
2. Click Actions menu
3. Select Enable Target or Disable Target
4. Confirmation notification confirms the status change

Enabled targets actively forward data. Disabled targets preserve configuration but stop all forwarding.

Clone

Duplicate an existing target configuration for quick setup:

1. Navigate to target detail view or use Actions menu from list
2. Click Actions menu
3. Select Clone Target
4. System navigates to target creation wizard
5. Pre-fills form with cloned target configuration
6. Modify name and other settings as needed
7. Complete wizard to create new target

Delete

Remove a target from the platform with dependency checking:

1. Navigate to target detail view or use Actions menu from list
2. Click Actions menu
3. Select Delete Target
4. Deletion modal appears with confirmation

Standard Deletion:

• Confirm target name matches
• Click Delete to proceed
• Success notification confirms deletion
• Redirect to target list view

Deletion with Dependencies:

If target has active dependencies, error modal displays:

Error Modal Contents:

• "Cannot delete Target" message
• Routes - List of routes using this target
• Action Required - Remove or reassign dependencies before deletion

Dependency Resolution:

1. Note listed routes
2. Edit routes to use different target or delete routes
3. Retry target deletion after dependencies removed

Edit Mode Workflow

Target detail tabs support inline editing with unsaved changes protection:

Enter Edit Mode:

1. Navigate to editable tab
2. Click Edit button in top-right of tab
3. Form fields become editable
4. Save and Cancel buttons appear

Make Changes:

• Modify editable fields
• Changes are not saved automatically
• Form validation occurs on save

Save Changes:

1. Click Save button
2. System validates changes
3. Success notification displays confirmation
4. Edit mode exits
5. Tab displays updated values

Cancel Changes:

1. Click Cancel button
2. Form reverts to original values
3. Edit mode exits
4. No changes are saved

Tab Navigation Protection:

If you attempt to navigate to another tab while in edit mode:

• Unsaved Changes Modal appears
• Modal Contents:
  • "Unsaved changes" heading
  • "You have unsaved changes. Are you sure you want to leave?" message
  • Discard Changes - Exit edit mode and switch tabs
  • Continue Editing - Return to current tab
  • Cancel - Close modal

Notifications

The Targets interface provides automatic notifications for all operations:

Success

Success messages auto-dismiss after 10 seconds. These include confirmations for target creation, enabling, disabling, deletion, and configuration updates. Hover to pause the auto-close timer, or click X to dismiss manually.

Errors

Error notifications persist until manually dismissed. These include failures for enable, disable, delete, and update operations. Review error details and take corrective action before dismissing.