Using Discover in Rest collector to populate a collect header

OK so I am trying to pull from the Microsoft Graph API. To do that, I must first POST to get a bearer token. I assume I can use discover type of HTTP Request to get it. A JSON response will be returned with the field access_token containing what I need.

How do I use the data from access_token as a collect header for Authorization? This is a first for me so I need some hand holding here.


1 UpGoat

Hi @rolltidega, I’d recommend following this guide from Microsoft to setup an App that can obtain an access token using the client_credentials OAuth2 flow as Cribl Stream does not support the OAuth2 authorization_code flow.

Once that’s done, you can use the Authentication section of the collector to obtain the Bearer token. The token will the be automatically added in the Authorization header to the discovery collection calls.

2 UpGoats