Sinks for events such as Data Lakes and Security Lakes. Products in this category accept events but do not support querying them back out.
The Synqly Sink connector enables write-only event ingestion to various data storage and logging platforms. Synqly supports writing events to cloud storage (S3, Azure, GCP), security lakes, and HTTP endpoints.
The HTTP Receiver sink provider supports dynamic per-request headers in addition to static headers configured on the integration. This allows you to pass request-specific metadata like correlation IDs, trace context, request IDs, or tenant identifiers with each API call.
When sending events via the Sink API to an HTTP Receiver integration, you can include additional headers that will be forwarded to your target endpoint:
- Send headers with the
Synqly-Fwd-prefix through your SDK's request options - The prefix is automatically stripped before forwarding to your endpoint
- Headers are merged with static headers configured on the integration
- Forwarded headers override static headers if names conflict
- Total limit: Maximum 100 headers combined (static + forwarded)
- Size limit: Maximum 8KB per header value
- Security: The
Synqly-Fwd-prefix prevents forwarded headers from overriding critical system headers - Important: Do NOT use forwarded headers for authentication credentials - use the Authorization configuration on the integration instead
Python SDK:
# Send events with forwarded headers
response = client.sink.post_events(
request=[
{"message": "event data", "time": 1234567890}
],
request_options={
"additional_headers": {
"Synqly-Fwd-X-Request-ID": "req-abc-123",
"Synqly-Fwd-X-Correlation-ID": "uuid-xyz-789",
"Synqly-Fwd-X-Tenant-ID": "customer-456"
}
}
)
# Your HTTP endpoint receives: X-Request-ID, X-Correlation-ID, X-Tenant-ID
# (prefix is stripped automatically)cURL:
curl -X POST https://api.synqly.com/v1/sink/events \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-H "Synqly-Fwd-X-Request-ID: req-abc-123" \
-H "Synqly-Fwd-X-Correlation-ID: uuid-xyz-789" \
-H "Synqly-Fwd-X-Tenant-ID: customer-456" \
-d '[
{"message": "event data", "time": 1234567890}
]'
# Your HTTP endpoint receives: X-Request-ID, X-Correlation-ID, X-Tenant-ID
# (prefix is stripped automatically)For full API documentation see the Sink API Reference.
To create an integration with the Sink connector, use the Create Integration API endpoint, using one of the provider configs below.
- Amazon S3 (
sink_aws_s3) - Amazon Security Lake (
sink_aws_security_lake) - Amazon Simple Queue Service (SQS) (
sink_aws_sqs) - CrowdStrike Falcon® Next-Gen SIEM (HEC) (
sink_crowdstrike_hec) - Elasticsearch (
sink_elasticsearch) - Generic HTTP Receiver (
sink_http) - Google Cloud Storage (
sink_gcs) - Google Security Operations (Chronicle Compatibility) (
sink_google_sec_ops) - Google Security Operations (
sink_google_security_operations) - IBM QRadar Sink (
sink_q_radar) - Microsoft Azure Blob Storage (
sink_azure_blob) - Microsoft Azure Monitor Logs (
sink_azure_monitor_logs) - OpenSearch (
sink_opensearch) - Splunk Enterprise Security (
sink_splunk) - Sumo Logic Sink (
sink_sumo_logic) - Synqly Test Provider (
sink_mock_sink)
| API | Amazon S3 | Amazon Security Lake | Amazon SQS | Microsoft Azure Blob Storage | Microsoft Azure Monitor Logs | CrowdStrike Next-Gen SIEM (HEC) | Elasticsearch | Google Cloud Storage | Google Security Operations | Google Security Operations | Generic HTTP Receiver | Test Provider | OpenSearch | IBM QRadar Sink | Splunk Enterprise Security | Sumo Logic Sink |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| post_events | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| API | Amazon S3 | Amazon Security Lake | Amazon SQS | Microsoft Azure Blob Storage | Microsoft Azure Monitor Logs | CrowdStrike Next-Gen SIEM (HEC) | Elasticsearch | Google Cloud Storage | Google Security Operations | Google Security Operations | Generic HTTP Receiver | Test Provider | OpenSearch | IBM QRadar Sink | Splunk Enterprise Security | Sumo Logic Sink |