Netskope Transaction Events
Netskope Transaction Events
The HTTP Transaction events are critical for enterprises for deeper visibility as companies move to adopt cloud products. Netskope already provides page, app events, etc. that are rolled up and summarized to avoid “noisy” web traffic. The rolled up view is great for admins, in addition, transaction events provide granular information about the web sites that users have accessed.
Configure Transaction Events
You will need a subscription endpoint URL and subscription key to access the streamed events.
To retrieve the subscription key and path:
- Navigate to Settings > Tools > REST API v2 > New Token. The Create REST API Token window displays.
- Click the Add Endpoint dropdown and select the /api/v2/events/token/transaction_events endpoint to create the API token.
- Select the Read radio button in the Privilege column.
- Click Save. A confirmation box displays stating the token creation is successful.
- Click Copy Token to save it for later use in your API requests and add it to the Netskope API token header.
- Navigate to REST API v2 > API Documentation. A new Swagger UI tab will open. You can access the API Documentation from the Create REST API Token window as well. Click , the Available Authorizations pop-up opens, paste the saved token in the Value field and click Authorize.
- From the Swagger UI tab, under to the Events section, navigate to the /api/v2/events/token/transaction_events endpoint and click the line. The details display, click Try it out. Select decode section > true in the dropdown > click Execute.
Upon successful execution, the response will carry the subscription key and subscription path.
Log in to your Netskope UI and go to Settings > Tools > Event Streaming. Copy your subscription endpoint and generate your download key from the Event Streaming page.
The REGENERATE ENDPOINT button generates a new subscription path. Once a new subscription path is generated, a new subscription key must be generated by clicking on the GENERATE AND DOWNLOAD KEY button.
The old subscription path and key expires. With a new subscription path, event streaming will start fresh from the beginning of the retention period, i.e., 7 days ago by default.
Once the transaction events feature is enabled in your account, you’ll be able to consume the data from the subscription endpoint.
To receive the events from the subscription, refer to the Receiving messages from Lite subscriptions link .
In addition, you can receive messages with various Client libraries. Netskope retains transaction events for seven days by default if not consumed.
There are different access methods for transaction events:
- Google SDK
- Netskope Splunk Integration
- Netskope Cloud Exchange
The enhanced transaction events streaming is delivered through a streaming mechanism.
The transaction event near real-time subscription messages have the following format:
- Content-Encoding. gzip – currently the only available value
- Log-Count – number of events enclosed in the message data
- Fields – transaction event fields for each transaction event
- The message data contains gzip compressed transaction events
Refer to the sample code to receive and decode the transaction events.
Netskope Splunk Integration
The Netskope App (Add-on) for Splunk has dashboards for visualization of Events, Alerts, and Web Transaction details. This information is populated on the dashboard.
Users can get information related to data collected in addition to transforming and parsing data with the Add-on app available from splunkbase.
Click the following links to set up the Netskope Splunk Integration:
- Netskope Splunk App Installation and Configuration Guide
- Netskope Add-on for Splunk:
UPGRADING IS SUPPORTED WITHIN THE 2.X CHAIN. IF COMING FROM 1.X, PLEASE REMOVE 1.X BEFORE INSTALLING 2.X.
- Splunk Netskope Dashboards available from splunkbase (optional): download from here
Netskope Cloud Exchange
Netskope Cloud Exchange is available for download on GitHub and accompanying installation documentation is available:
Transaction Events Streaming Service Data Retention Policy
Transaction Events are retained in the streaming service for up to seven days for admins to pull, for error recovery on the customer client side. The data is kept in a series of files by the streaming service. The garbage collection service will remove all files older than seven days, with the exception of the most recent data file.
For most customers during normal operational load, there will be numerous data files in a given hour. However, for some customers with a small data volume, (e.g. who have not implemented Netskope widely or in an active proof of concept phase), the most recent data file might accumulate events for more than seven days resulting in a longer data retention period.