Sources overview
A source is the entry point of a pipeline — the integration a Praxis collector uses to pick up telemetry from your infrastructure, applications, or upstream systems. Once a source produces records, the rest of the pipeline (processors, then destinations) runs on whichever collector is assigned.
The most efficient way to find what you need is the Integrations catalog, which lets you filter by signal (logs, metrics, traces), platform, and category. The pages in this section are the field-level reference behind each catalog entry.
How sources are organized here
| Group | What you'll find |
|---|---|
| Top-level files (e.g. Kafka, OTLP, filelog) | Common single-protocol or single-service sources used across many environments. |
| Webhook | HTTP-pushed sources — generic listener plus vendor-specific receivers (Auth0, Cisco Meraki, HubSpot, Jira). |
| WindowsEvents | Windows-native sources: Event Log, DNS, and DHCP. |
| SIEM bridges (Splunk Search API, Splunk HEC Source) | Pull events out of, or accept events posted to, an existing SIEM. Useful for migrations and dual-routing scenarios. |
Choosing a source
- Match the signal — Sources are typed for logs, metrics, traces, or some combination. The catalog filter is the fastest way to narrow this.
- Match the runtime — Some sources only work on certain platforms (for example Windows Event Log runs only on Windows, journald on Linux). The platform chip on each catalog card tells you up front.
- Mind credentials and network — Cloud sources (AWS, Google Cloud, Cloudflare, Wazuh) need an account and IAM-equivalent credentials your security team owns. SIEM-adjacent sources (syslog, TCP, UDP, OTLP) typically need an open inbound port on the collector.
Related
- Integrations catalog — searchable card view of all sources, processors, and destinations.
- Installation overview — install the collector that will run these sources.
- Destinations overview — where the data ends up after processing.