Log Management Services
Veris simulates Splunk and Elasticsearch so your agent can query log data during simulations. You provide your own logs; your agent queries them using the same APIs and query languages it uses in production.
Providing your logs
Upload a log file via the Datasets section on your Environment page in the Console. Select the service (e.g. splunk or elastic), choose CSV or NDJSON as the format, and upload your file.
One dataset per service per environment.
Splunk
Config name: splunk
Query language: SPL
Key endpoints:
| Endpoint | Purpose |
|---|---|
| POST /services/search/jobs | Create a search job with an SPL query |
| GET /services/search/jobs/{sid}/results | Retrieve search results |
| GET /services/search/jobs/{sid}/events | Retrieve events |
| GET /services/search/jobs/{sid}/summary | Field summary statistics |
| GET /services/search/jobs/{sid}/timeline | Timeline buckets |
| POST /services/collector/event | HEC — ingest events |
| GET /services/saved/searches | List saved searches |
All v2 equivalents (/services/search/v2/jobs/...) are also supported.
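The two-step flow behind the first two endpoints (create a job, then read its results), as an added example rather than Veris or Splunk code. The base URL, token, Bearer auth scheme, `output_mode=json` responses and the retry on an empty or 204 reply are assumptions modelled on Splunk's REST API; the helper names are hypothetical.

```python
import json
import time
import urllib.parse
import urllib.request

def _call(send, method, url, token, form=None):
    """Send one request; return (status, parsed JSON or None for an empty body)."""
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")  # assumed auth scheme
    with send(req) as resp:
        body = resp.read()
        return resp.status, (json.loads(body) if body else None)

def normalize_spl(spl):
    """The jobs endpoint expects a leading 'search' or a generating '|' command."""
    spl = spl.strip()
    return spl if spl.startswith(("search ", "|")) else "search " + spl

def run_search(base_url, token, spl, send=urllib.request.urlopen, tries=10, delay=0.5):
    """Create a search job, then read its results, retrying while none are ready."""
    base = base_url.rstrip("/")
    _, job = _call(send, "POST", f"{base}/services/search/jobs", token,
                   {"search": normalize_spl(spl), "output_mode": "json"})
    sid = urllib.parse.quote(job["sid"], safe="")  # sid goes into the URL path
    url = f"{base}/services/search/jobs/{sid}/results?output_mode=json"
    for _ in range(tries):
        status, payload = _call(send, "GET", url, token)
        if status == 200 and payload is not None:
            return payload.get("results", [])
        time.sleep(delay)  # assumed: 204 or empty body means results not ready yet
    raise TimeoutError(f"search job {job['sid']} returned no results")

if __name__ == "__main__":
    # Hypothetical endpoint and token; the SPL counts failed logins per source
    # and assumes the uploaded dataset has 'action' and 'src' fields.
    rows = run_search("https://splunk.example.internal:8089", "PLACEHOLDER_TOKEN",
                      "index=auth action=failure | stats count by src")
    for row in rows:
        print(row)
```

The `send` parameter exists so the same function can be pointed at a stub transport in tests instead of a live endpoint.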
Elasticsearch
Config name: elastic
Elasticsearch has its own dedicated page with full coverage of Query DSL, ES|QL, supported endpoints, and connection patterns: Elasticsearch.