Management

The Targets web interface provides comprehensive management for output destinations where processed telemetry data is forwarded.

Access

Navigate to Home > Fleet Management > Targets, or use the hamburger menu and select Fleet Management > Targets.

Overview

The Targets dashboard is where you manage all output destinations for DataStream. Targets are data senders that forward processed telemetry to external systems and convert from standardized pipeline output to destination-specific formats.

Navigation Sidebar

The Targets page presents a persistent left sidebar listing all target types in expandable category accordions, in this order: Microsoft Azure, Amazon Web Services (AWS), Google Cloud (GCS), IBM Cloud, Analytics, Cloud Storage, Message Queues, and Other. Each target type entry shows its name and a count of configured instances.

Above the accordion:

• A Show configured targets only toggle hides target types with no configured instances
• A search field with the placeholder Search target types filters the sidebar by name; an empty result shows "No configured targets found"

Selecting a target type in the sidebar opens that type's list table in the main panel.

List View

The list view shows all instances of the selected target type.

Table

The table displays Name, Description, Postprocessing Pipeline, Log Stream, Connection Status, and Status (Enabled/Disabled) for each target, with an Actions menu (⋮) on each row.

Table Controls

Filter targets using the search field — its placeholder names the selected type (for example, "Search Elasticsearch targets") — and the Status dropdown (All, Enabled, Disabled). Click Add new target to launch the creation wizard.

Actions

Each target row provides an Actions menu (⋮) with the following operations:

View and Edit:

• Manage target - Navigate to target detail view

Status Management:

• Enable target / Disable target - Toggle target status (shown according to current status)

Configuration:

• Clone target - Duplicate target configuration for quick setup

Deletion:

• Delete target - Remove target from platform

Creation Wizard

The target creation process uses a multi-step wizard with target-specific configuration.

Target wizards have different numbers of steps depending on the target type. Each step is labeled with its specific name rather than a generic step number. All wizards begin with General Settings and end with Execution Settings; the intermediate steps vary by target.

General Settings

Applies to: All targets

• Name - Unique target identifier
• Target Status - Enable or disable target
• Post-processing pipeline (Optional) - Pipeline for output normalization

Azure Properties

Applies to: AzureBlobStorage, AzureDataExplorer, AzureEventHubs, AzureMonitorLogs, AzureServiceBus, MicrosoftSentinel, MicrosoftSentinelDataLake

Azure-specific configuration including authentication and resource identification:

• Authentication - Managed Identities, Service Principal, or Connection String
• Tenant ID / Client ID / Client Secret - Service Principal credentials
• Workspace/Subscription - Azure resource identification
• Resource Group - Azure resource grouping
• Container / Database / Namespace - Target-specific resource names

Azure Service Configuration

Applies to: AzureBlobStorage, AzureDataExplorer, AzureEventHubs, AzureMonitorLogs, AzureServiceBus, MicrosoftSentinel, MicrosoftSentinelDataLake

Target-specific Azure configuration following the Azure Properties step. The step name and fields vary by target:

• Stream Properties (AzureMonitorLogs, MicrosoftSentinel, MicrosoftSentinelDataLake) — Stream name, table name, DCR rule ID, DCE endpoint
• Storage Properties (AzureBlobStorage, AzureDataExplorer) — Container, database, storage configuration
• Message Properties (AzureServiceBus) — Queue/topic name, message configuration
• Advanced Configuration (AzureEventHubs) — Max retry, retry interval, timeout, batch configuration

Authentication

Applies to: AmazonOpenSearch, Elasticsearch, ElasticSecurity, GoogleChronicle, GoogleSecOps, Splunk, SplunkSecurity

Authentication credentials and endpoint configuration:

• Endpoints - Destination URLs or addresses
• Authentication Type - Token, secret, or basic authentication
• Username / Password - Basic authentication credentials (Elasticsearch, ElasticSecurity, AmazonOpenSearch)
• Token / Secret - Token-based authentication (Splunk, SplunkSecurity)
• TLS Configuration - Certificate and encryption settings

Target Properties

Applies to: AmazonOpenSearch, Elasticsearch, ElasticSecurity, GoogleChronicle, GoogleSecOps, Splunk, SplunkSecurity

Target-specific configuration following the Authentication step. The step name and fields vary by target:

• Splunk HEC Properties (Splunk, SplunkSecurity) — Index, Source Type, Batch Size, Timeout, TCP Routing, Compression, TLS skip verify, Field Format
• Elasticsearch Properties (Elasticsearch) — Index name, document type, ingest pipeline, bulk configuration
• Elastic Security Properties (ElasticSecurity) — Index name, document type, ingest pipeline, bulk configuration
• OpenSearch Properties (AmazonOpenSearch) — Index name, document type, ingest pipeline, bulk configuration
• Chronicle Configuration (GoogleChronicle) — Chronicle-specific settings, followed by a Log Settings step
• SecOps Configuration (GoogleSecOps) — SecOps-specific settings, followed by a Log Settings step

AWS Connection Properties

Applies to: AmazonCloudWatchLogs, AmazonKinesis, AmazonMSK, AmazonSNS, AmazonSQS

AWS connection and credential configuration:

• Region - AWS region
• Access Key ID - AWS access credentials
• Secret Access Key - AWS secret credentials
• Endpoint - Service endpoint URL

AWS Service Configuration

Applies to: AmazonCloudWatchLogs, AmazonKinesis, AmazonMSK, AmazonSNS, AmazonSQS

Target-specific AWS configuration following the Connection Properties step. The step name and fields vary by target:

• Stream Properties (AmazonKinesis) — Stream name, partition key
• Producer Properties + TLS Settings (AmazonMSK) — Topic, partition settings, TLS certificate configuration
• Topic Properties (AmazonSNS) — Topic ARN, message attributes
• Queue Properties (AmazonSQS) — Queue URL, message settings
• Log Properties (AmazonCloudWatchLogs) — Log group, log stream

AWS Data Warehouse

Applies to: AmazonRedshift

Multi-step wizard for Amazon Redshift data warehouse configuration:

• AWS Credentials — Region, Access Key ID, Secret Access Key
• Redshift Connection — Cluster endpoint, database, schema, credentials
• S3 Staging — S3 bucket and prefix for staging data loads
• Table Configuration — Target table name, column mapping
• Batch Configuration — Batch size and flush settings

S3 and Cloud Storage Properties

Applies to: AlibabaS3, AmazonS3, AmazonSecurityLake, BackblazeS3, CloudflareR2, DigitalOceanS3, IbmCos, Minio, ScalewayS3

S3-compatible cloud storage configuration. All targets in this group have two steps — file properties and storage/connection properties:

• Endpoint - Storage service endpoint URL
• Access Key ID / Secret Access Key - Storage access credentials
• Bucket - Target storage bucket name
• Region - Storage region (where applicable)
• File Name - Output file naming pattern with template support
• File Format - Output format (JSON, Parquet, Avro, etc.)
• Compression - Optional data compression (zstd, gzip, etc.)

AmazonSecurityLake uses a different layout (Security Lake Buckets + Security Lake Connection) but covers equivalent storage and credential fields.

Message Queue Properties

Applies to: ConfluentCloud, Kafka, Redpanda

Message queue connection and producer configuration:

• Connection Properties — Broker addresses, topic, authentication
• TLS Settings — Certificate, key, and CA configuration

BigQuery Properties

Applies to: BigQuery

Google BigQuery configuration with three steps:

• BigQuery Properties — Project ID, credentials, dataset
• Streaming Properties — Streaming insert configuration
• Table Properties — Target table name, schema settings

File Properties

Applies to: File

File output configuration:

• File Path - Output directory and file naming pattern
• File Format - Output format (JSON, Parquet, Avro, etc.)
• Compression - Optional data compression

Console Properties

Applies to: Console

Console output format configuration for debugging and testing:

• Output Format - Display format for console output
• Pretty Print - Formatted JSON output option

Execution Settings

Applies to: All targets

This step configures target execution scheduling and debugging options.

Scheduling:

Enable scheduling to run the target at specific times rather than continuous processing.

Scheduling Toggle:

• Enable Scheduling - Toggle to activate scheduled execution
• When disabled, target processes data continuously as it arrives
• When enabled, target accumulates data and processes on schedule

Scheduling Method Selection:

Choose between two scheduling approaches using radio tiles:

Cron-Based Scheduling:

• Time-based scheduling using cron expressions
• Suitable for specific time-of-day execution
• Pattern dropdown with predefined options

Interval-Based Scheduling:

• Fixed interval execution
• Suitable for regular periodic processing
• Interval dropdown with predefined options

Cron-Based Configuration:

When Cron-based is selected:

1. Select Pattern Dropdown - Choose from predefined cron patterns:

   • Every minute (* * * * *)
   • Every 5 minutes (*/5 * * * *)
   • Every 10 minutes (*/10 * * * *)
   • Every 30 minutes (*/30 * * * *)
   • Every hour (0 * * * *)
   • Every 2 hours (0 */2 * * *)
   • Every 6 hours (0 */6 * * *)
   • Daily at midnight (0 0 * * *)
   • Daily at noon (0 12 * * *)
   • Weekly (Monday) (0 0 * * 1)
   • Monthly (1st) (0 0 1 * *)
   • Weekdays only (0 0 * * 1-5)
   • Weekends only (0 0 * * 6,0)
   • Custom - Enter custom cron expression

2. Custom Cron Expression:

   • Info alert explains cron format and usage
   • Input field for custom cron expression
   • Test Expression Button - Validate and interpret cron pattern
   • Result display shows human-readable interpretation
   • Example: 0 */3 * * * displays as "Every 3 hours"
   • Link to Cron documentation chapter for detailed format reference

Interval-Based Configuration:

When Interval-based is selected:

1. Select Interval Dropdown - Choose from predefined intervals:

   • 30 seconds (30s)
   • 1 minute (1m)
   • 5 minutes (5m)
   • 10 minutes (10m)
   • 15 minutes (15m)
   • 30 minutes (30m)
   • 1 hour (1h)
   • 2 hours (2h)
   • 6 hours (6h)
   • 12 hours (12h)
   • 24 hours (24h)
   • Custom - Enter custom interval

2. Custom Interval:

   • Info alert explains interval format
   • Input field for custom interval value
   • Format specification:
     • Numbers without suffix interpreted as seconds
     • Supported suffixes: s (seconds), m (minutes), h (hours), d (days)
     • Examples: 90s, 5m, 2h, 2d, 120 (interpreted as 120 seconds)
   • Helper text shows format requirements
   • Link to documentation for detailed interval format reference

Debugging:

Configure debugging options for target troubleshooting.

Enable Debugging Toggle:

• Activates debug logging for the target
• Logs each event before sending to destination
• Provides visibility into data flow and transformations

When Debugging is Enabled:

Don't Send Logs (Demo Mode) Toggle:

• Prevents actual data transmission to target
• Events are logged but not sent to destination
• Useful for testing configurations without affecting production systems
• Allows validation of data format and transformation logic

Review and Complete Setup

The final wizard step, Review and Complete Setup, shows a summary of all entered configuration values. Click Add target to create the target.

Wizard Navigation

Progress Indicator:

• Visual step progress at top of wizard
• Click steps to navigate (after validation)
• Current step highlighted
• Completed steps marked with checkmark

Navigation Buttons:

• Cancel - Exit wizard without creating target
• Back - Return to previous step
• Next - Advance to next step with validation
• Add target - Finalize target creation (final step)

Detail View

Clicking a target from the list opens the detailed management interface with tabbed panels. All targets display General Settings, Execution Settings, Live Data, and Activity Logs tabs. The intermediate configuration tabs vary by target category.

• Live Data — captures data flowing to the target in real time (see Live Data); shows a disabled-state message when the target is inactive or no route sends data to it
• Activity Logs — target configuration change history

General Settings Tab

Applies to: All targets

• Name - Editable target name
• Description - Editable target description
• Status - Current operational state
• Edit Mode - Click edit to modify general settings

Azure Targets

Applies to: AzureBlobStorage, AzureDataExplorer, AzureEventHubs, AzureMonitorLogs, AzureServiceBus, MicrosoftSentinel, MicrosoftSentinelDataLake

Azure targets display the following configuration tabs:

• Azure Properties (AzureBlobStorage, AzureDataExplorer, AzureMonitorLogs, AzureServiceBus, MicrosoftSentinel, MicrosoftSentinelDataLake) — Authentication, workspace, subscription details
• Stream Properties (AzureMonitorLogs, MicrosoftSentinel, MicrosoftSentinelDataLake) — Stream name, table, DCR settings
• Storage Properties (AzureBlobStorage, AzureDataExplorer) — Container, database configuration
• Message Properties (AzureServiceBus) — Queue/topic configuration
• Advanced Configuration (AzureEventHubs) — Retry, timeout, batch settings

Analytics and SIEM Targets

Applies to: AmazonOpenSearch, Elasticsearch, ElasticSecurity, GoogleChronicle, GoogleSecOps, Splunk, SplunkSecurity

Analytics and SIEM targets display the following configuration tabs:

• Authentication (all) — Endpoint URLs, credentials, TLS settings
• Splunk HEC Properties (Splunk, SplunkSecurity) — Index, source type, batch size, timeout, compression, field format
• Chronicle Properties + Log Settings (GoogleChronicle) — Chronicle configuration and log settings
• SecOps Properties (GoogleSecOps) — SecOps configuration

Elasticsearch, ElasticSecurity, and AmazonOpenSearch display only the Authentication tab for detail view configuration.

AWS Targets

Applies to: AmazonCloudWatchLogs, AmazonKinesis, AmazonMSK, AmazonRedshift, AmazonS3, AmazonSecurityLake, AmazonSNS, AmazonSQS

AWS targets display the following configuration tabs:

• Connection Properties (AmazonCloudWatchLogs, AmazonKinesis, AmazonMSK, AmazonSNS, AmazonSQS) — Region, credentials, endpoint
• Stream Properties (AmazonKinesis) — Stream name, partition key
• Producer Properties (AmazonMSK) — Topic, partition settings
• TLS Settings (AmazonMSK) — Certificate configuration
• Topic Properties (AmazonSNS) — Topic ARN, message attributes
• Queue Properties (AmazonSQS) — Queue URL, message settings
• Log Properties (AmazonCloudWatchLogs) — Log group, log stream
• AWS Credentials (AmazonRedshift) — Region, access credentials
• Redshift Connection (AmazonRedshift) — Cluster endpoint, database, schema
• S3 Staging (AmazonRedshift) — Staging bucket configuration
• Table Configuration (AmazonRedshift) — Target table, column mapping
• S3 File Properties + S3 Properties (AmazonS3) — File format, compression, bucket, credentials
• Security Lake Buckets + Security Lake Connection (AmazonSecurityLake) — Bucket configuration, connection details

S3-Compatible Cloud Storage Targets

Applies to: AlibabaS3, BackblazeS3, CloudflareR2, DigitalOceanS3, IbmCos, Minio, ScalewayS3

All S3-compatible cloud storage targets display two tabs:

• File Properties — File name pattern, format, compression
• Storage Properties — Endpoint, access credentials, bucket, region

Message Queue Targets

Applies to: ConfluentCloud, Kafka, Redpanda

All message queue targets display three tabs:

• Connection Properties — Broker addresses, topic, authentication
• Producer Properties — Producer configuration and tuning
• TLS Settings — Certificate, key, and CA configuration

GCP Targets

Applies to: BigQuery

• Connection Properties — Project ID, credentials, dataset
• Streaming Properties — Streaming insert configuration
• Tables — Target table and schema settings

Utility Targets

Applies to: Console, File

• Console Properties (Console) — Output format, pretty print
• File Properties (File) — File path, format, compression

Execution Settings Tab

Applies to: All targets

Displays and allows editing of scheduling and debugging configuration:

Scheduling Section:

• Current scheduling status (Enabled/Disabled)
• Scheduling method (Cron or Interval)
• Current schedule pattern or interval
• Edit mode allows modification of all scheduling settings

Debugging Section:

• Debug logging status (Enabled/Disabled)
• Don't Send Logs (Demo Mode) status (Enabled/Disabled when debugging active)
• Edit mode allows modification of debug settings

Detail Actions

Each target detail view provides an Actions menu with the following operations:

Status Management:

• Enable target / Disable target - Toggle target status (shown according to current status)

Advanced Operations:

• Clone target - Duplicate configuration for new target
• Delete target - Remove target from platform

Operations

Enable / Disable

To change target status:

1. Navigate to target detail view or use the Actions menu from list
2. Click Actions menu
3. Select Enable target or Disable target
4. Confirmation notification confirms the status change

Enabled targets actively forward data. Disabled targets preserve configuration but stop all forwarding.

Clone

Duplicate an existing target configuration for quick setup:

1. Navigate to target detail view or use Actions menu from list
2. Click Actions menu
3. Select Clone target
4. System navigates to target creation wizard
5. Pre-fills form with cloned target configuration
6. Modify name and other settings as needed
7. Complete wizard to create new target

Delete

Remove a target from the platform with dependency checking:

1. Navigate to target detail view or use Actions menu from list
2. Click Actions menu
3. Select Delete target
4. A confirmation modal appears showing the target name in its heading

Standard Deletion:

• Click Delete to proceed (or Cancel)
• Success notification confirms deletion
• Redirect to target list view

Deletion with Dependencies:

If the target is still referenced by routes, an error modal explains that the target cannot be deleted because it currently exists on routes, and offers a Go to routes button.

Dependency Resolution:

1. Open Routes management and locate the routes using this target
2. Edit those routes to use a different target, or delete them
3. Retry target deletion after dependencies are removed

Edit Mode Workflow

Target detail tabs support inline editing with unsaved changes protection:

Enter Edit Mode:

1. Navigate to editable tab
2. Click Edit button in top-right of tab
3. Form fields become editable
4. Save and Cancel buttons appear

Make Changes:

• Modify editable fields
• Changes are not saved automatically
• Form validation occurs on save

Save Changes:

1. Click Save button
2. System validates changes
3. Success notification displays confirmation
4. Edit mode exits
5. Tab displays updated values

Cancel Changes:

1. Click Cancel button
2. Form reverts to original values
3. Edit mode exits
4. No changes are saved

note

Switching tabs while in edit mode abandons unsaved changes without a prompt — save before navigating away.

Notifications

The Targets interface provides automatic notifications for all operations:

Success

Success messages auto-dismiss after 10 seconds. These include confirmations for target creation, enabling, disabling, deletion, and configuration updates. Hover to pause the auto-close timer, or click X to dismiss manually.

Errors

Error notifications persist until manually dismissed. These include failures for enable, disable, delete, and update operations. Review error details and take corrective action before dismissing.