> ## Documentation Index
> Fetch the complete documentation index at: https://docs.chronosphere.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Google Chronicle destination plugin
export const entity_0 = "Google Chronicle destination plugin"
export const plugin_0 = "Google Chronicle destination plugin"
The Google Chronicle [destination plugin](/ingest/pipeline/plugins/destination-plugins)
(name: `chronicle`) lets you configure your telemetry pipeline to output data to
Google Chronicle.
## Supported telemetry types
The {plugin_0} for Chronosphere Telemetry Pipeline supports these telemetry types:
| Logs | Metrics | Traces |
| :----------------------------------------: | :-----------------------------: | :-----------------------------: |
| | | |
## Configuration parameters
Use the parameters in this section to configure the {entity_0}. The
Telemetry Pipeline web interface uses the items in the **Name** column to
describe these parameters. [Pipeline configuration files](/ingest/pipeline/v2/configure/config-files)
use the items in the **Key** column as YAML keys.
### Chronicle Settings
| Name | Key | Description | Default |
| ----------------------------------- | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
| **Google Service Credentials Path** | `google_service_credentials` | The Service Credentials file lets Telemetry Pipeline communicate directly with Google Cloud Services using a [service account](https://cloud.google.com/logging/docs/agent/logging/authorization#create-service-account). | *none* |
| **GCP Service Account Email** | `service_account_email` | Account email associated with the service. Available only if no credentials file has been provided. | *none* |
| **GCP Service Account Secret** | `service_account_secret` | Private key content associated with the service account. Available only if no credentials file has been provided. | *none* |
| **GCP Project Id** | `project_id` | The project ID containing the tenant of Google Chronicle to stream into. | *none* |
| **Google Chronicle Customer ID** | `customer_id` | Required. The customer ID to identify the tenant of Google Chronicle to stream into. | *none* |
| **Google Chronicle Log Type** | `log_type` | Required. The log type to handle the request entries. Users must set up the valid, [supported log type](https://cloud.google.com/chronicle/docs/ingestion/parser-list/supported-default-parsers) or the Google Chronicle service denies log ingestion. | *none* |
| **Google Chronicle Log Key** | `log_key` | Required. Specifies the field that contains the log type specified in `log_type`. By default, the whole log record is sent to Google Chronicle. | *none* |
### Advanced
| Name | Key | Description | Default |
| ------------------- | -------- | ----------------------------------------------------------------------------------------------------------- | ------- |
| **Region Location** | `region` | The GCP region in which to store Google Chronicle security logs. Accepted values: `ASIA`, `EU`, `UK`, `US`. | `US` |
### Security and TLS
| Name | Key | Description | Default |
| ------------------------------ | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| **TLS** | `tls` | If `true`, enables TLS/SSL. If `false`, disables TLS/SSL. Accepted values: `true`, `false`. | `false` |
| **TLS Certificate Validation** | `tls.verify` | If `on`, and if `tls` is `true`, enables TLS/SSL certificate validation. If `off`, disables TLS/SSL certificate validation. Accepted values: `on`, `off`. | `on` |
| **TLS Debug Level** | `tls.debug` | Sets TLS debug verbosity level. Accepted values: `0` (No debug), `1` (Error), `2` (State change), `3` (Informational), `4` (Verbose). | `1` |
| **CA Certificate File Path** | `tls.ca_file` | Absolute path to CA certificate file. | *none* |
| **Certificate File Path** | `tls.crt_file` | Absolute path to certificate file. | *none* |
| **Private Key File Path** | `tls.key_file` | Absolute path to private key file. | *none* |
| **Private Key Path Password** | `tls.key_passwd` | Password for private key file. | *none* |
| **TLS SNI Hostname Extension** | `tls.vhost` | Hostname to be used for TLS SNI extension. | *none* |
### Advanced Networking
| Name | Key | Description | Default |
| --------------------------------- | ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| **DNS Mode** | `net.dns.mode` | Selects the primary DNS connection type, which can be `TCP` or `UDP`. | *none* |
| **DNS Resolver** | `net.dns.resolver` | Selects the primary DNS connection type, which can be `LEGACY` or `ASYNC`. | *none* |
| **Prefer IPv4** | `net.dns.prefer_ipv4` | Prioritizes IPv4 DNS results when trying to establish a connection. Accepted values: `true`, `false`. | `false` |
| **Keepalive** | `net.keepalive` | Enables or disables Keepalive support. Accepted values: `true`, `false`. | `true` |
| **Keepalive Idle Timeout** | `net.keepalive_idle_timeout` | Sets the maximum time allowed for an idle Keepalive connection. | `30s` |
| **Max Connect Timeout** | `net.connect_timeout` | Sets the maximum time allowed to establish a connection, which includes the TLS handshake. | `10s` |
| **Max Connect Timeout Log Error** | `net.connect_timeout_log_error` | Specifies whether to log an error on connection timeout. When disabled, the timeout is logged as a debug message. Accepted values: `true`, `false`. | `true` |
| **Source Address** | `net.source_address` | Specifies the network address to bind for data traffic. | *none* |
| **Max Keepalive Recycle** | `net.keepalive_max_recycle` | Sets the maximum number of times a keepalive connection can be used before it's retired. | `2000` |