Supported Destinations
Security platforms supported by Logcannon
Format Fidelity
Indicates how well logs land in each destination's native, queryable format, enabling proper search, filtering, and visualization.
- Full: Logs are mapped to the destination's native schema with full field alignment. All structured data is preserved and immediately searchable.
- Partial: Logs are delivered in a compatible format but some fields may be flattened or normalized. Search and filtering work, but with reduced fidelity to the source schema.
- Planned: Support is in development or planned. Not yet available.
| Destination | Format Fidelity | Versions | Details | Description |
|---|---|---|---|---|
| Splunk | Full | Verified 10.2.2 | Setup: Splunk HEC /services/collector/event; same contract as Splunk's HEC REST API. Splunk Enterprise and Splunk Cloud with HEC enabled. | Send logs to Splunk. Data is transmitted via Splunk HEC (HTTP Event Collector). Supports custom indexes, hostname override, and batch processing. |
| Elasticsearch | Full | Verified 9.3.0 (Kibana 9.3.0) | Setup: Elastic _bulk ingest with API key auth; minimum Elasticsearch 7.0 for API keys (Elastic docs). Kibana matches Elasticsearch for Stack Management (API keys, data views). | Send logs to Elasticsearch clusters with standard field mappings. Supports API key authentication and custom indices. |
| Azure Sentinel | Planned | — | — | — |
See Supported Log Types for accepted formats; setup guides for Splunk and Elasticsearch; and View to inspect how logs look for each destination.
Using a different security platform? Let us know which platform you'd like to see supported next.