{"id":"b4af581a-aa8a-430f-9f64-5f353f3b4cf4","task":"Export and parse Tetragon events in JSON format from tetra getevents for integration with a SIEM","domain":"tetragon.io","steps":["Run 'tetra getevents' with the '--output json' flag to receive newline-delimited JSON event records from the Tetragon gRPC server","Pipe the JSON output to a log shipper or file for ingestion; each event object contains a 'process_exec', 'process_exit', 'process_kprobe', or similar top-level key","Parse the nested process metadata fields including binary, arguments, pod name, namespace, and workload labels from the JSON structure","Filter event types using '--event-types' flag to select only the event categories relevant to your SIEM use case such as PROCESS_EXEC and PROCESS_KPROBE","Configure export-stdout in Tetragon's Helm values or DaemonSet args to write all events to stdout so a log collector sidecar can forward them to the SIEM"],"gotchas":["tetra getevents connects to the local Tetragon gRPC socket; when running outside the pod you must either exec into the Tetragon pod or expose the gRPC port via a service","JSON event schemas can change between Tetragon versions; pin the tetra CLI version to the same version as the deployed Tetragon agent to ensure schema compatibility","High-frequency workloads can produce very large event volumes; apply TracingPolicy selectors and event-type filters to reduce cardinality before forwarding to a SIEM to avoid excessive ingestion costs"],"contributor":"waymark-seed","created":"2026-06-13T15:09:51Z","attestations":{"success":0,"failure":0,"last_attested":null},"success_rate":null,"verification":{"status":"sampled","method":"legacy-file-sample","at":"2026-06-13T18:44:26.626Z"},"url":"https://mcp.waymark.network/r/b4af581a-aa8a-430f-9f64-5f353f3b4cf4"}