# Observo Onboarding Guide

## Overview

[Observo](https://www.observo.ai/) allows you to ingest logs from various sources, structure, optimize, and enrich them, then forward them to Panther using an [HTTP Source](https://docs.panther.com/~/changes/Cd1BxbxeaFl8dlynhNpt/data-onboarding/data-transports/http) or [S3 Source](https://docs.panther.com/~/changes/Cd1BxbxeaFl8dlynhNpt/data-onboarding/data-transports/aws/s3).

Observo can help you send your on-premises data to Panther. It has both cloud and self-hosted solutions, supporting a wide range of sources including S3, Kafka, Fluent, Logstash, HTTP, socket, and various GCP and Azure services.

<figure><img src="https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fjadk4I2oBjPePsz38WaE%2Fimage.png?alt=media&#x26;token=e41d4b51-16ad-4227-a3ca-061903ec0ea1" alt="A flow diagram shows Sources > observo.ai > Panther" width="563"><figcaption></figcaption></figure>

## How to forward logs to Panther using Observo

### Prerequisite

* You have deployed an Observo Site within your environment, in your VPC. An Observo Site is the data plane, which communicates with the control plane (Observo Cloud).

### Step 1: Configure a source in Observo

1. In your [Observo console](https://app.observo.ai/), click **Sources**, then **Add a new Source**.
2. Complete the **Add Source** form.\
   ![An "Add Source" form has various fields like Source Type, Name, and Description.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FynWh0Tipqb4RDGqfAdMT%2Fimage.png?alt=media\&token=43a46903-53c1-473c-a9da-8504e853b0f2)
3. Click **Next** to continue configuring the source, then click **Save**.

### Step 2: Create a Data Transport source in Panther

To ingest Observo logs, create either an S3 Source or an HTTP Source. Follow one of the instruction sets below:

* [Panther's instructions for configuring an S3 Source](https://docs.panther.com/~/changes/Cd1BxbxeaFl8dlynhNpt/data-transports/aws/s3#how-set-up-an-aws-s3-bucket-log-source-in-panther).\
  ![A page titled "Create AWS S3 source" is shown, with a form titled, "Configure your source." There are various fields, e.g., "Name," "AWS Account ID," etc.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FBGHeqsI0Qlj0BvycWMMU%2FScreenshot%202024-04-24%20at%209.59.38%20AM.png?alt=media\&token=e59f56df-8557-4b88-af4e-57807da60d37)
* [Panther's instructions for configuring an HTTP Source](https://docs.panther.com/~/changes/Cd1BxbxeaFl8dlynhNpt/data-onboarding/data-transports/http).
  * For the authentication method, use a [bearer token](https://docs.panther.com/~/changes/Cd1BxbxeaFl8dlynhNpt/data-transports/http#bearer). Copy the token value and store it in a secure location, as you will need it in the following steps.
  * Data sent to this source is subject to the [HTTP Source payload requirements](https://docs.panther.com/~/changes/Cd1BxbxeaFl8dlynhNpt/data-transports/http#payload-requirements).
  * After the HTTP Source has been created, copy its URL and store it in a secure location, as you will need it in the following steps.\
    ![A "Create HTTP source" header is above a form with various fields like Source Name, Schemas - Optional, and Auth method. The Source Name has a value of "Observo HTTP Source"](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2Fs1XYnfbFrCpXhw3lLwVy%2Fimage.png?alt=media\&token=de7cc0c9-19bd-4808-a96d-2cb96d29224a)

### Step 3: Create a destination for Panther in Observo

Set up a destination in Observo to send logs to whichever type of data transport source you configured in Step 2:

{% tabs %}
{% tab title="S3 destination" %}
To create an S3 destination in Observo:

* In your [Observo console](https://app.observo.ai/), click **Destinations**, then **Add a new Destination**.
* Fill in the **Add Destination** form:
  * **Destination Type**: Select **AWS S3**.
  * **Name**: Enter a descriptive name.
  * **Bucket**: Enter the name of your S3 bucket.
  * **Encoding Codec**: Select **JSON**.
  * **Region**: Enter the AWS region your bucket is in.\
    ![](https://lh7-us.googleusercontent.com/ca8g1BnX4Yc-m7EC9-H1n01yP7fB1ep2RWKHQAiit2AZXbdD3HXhJmHxG0Bul_CaMTWJaaue6ci2u4r09hbCn70EBXm3GYcs9oZukRz3ThwjzEgd6N2O5WNQz6rChCQlBA28V9zg13Yk925lWEwPJ9E)
* Click **Save**.
  {% endtab %}

{% tab title="HTTP destination" %}
To create an HTTP destination in Observo:

* In your [Observo console](https://app.observo.ai/), click **Destinations**, then **Add a new Destination**.
* Fill in the **Add Destination** form:
  * **Destination Type**: Select **HTTP**.
  * **Name**: Enter a descriptive name.
  * **URL/URI**: Enter the HTTP URL you generated in Step 2.
  * **Encoding Codec**: Select **JSON**.
  * **Auth Strategy**: Choose **Bearer**.
  * **Auth Token**: Enter the bearer token you used in Step 2.\
    ![An "Add Destination" form is shown, with various fields, e.g., "Destination Type," "Name," "Bucket," etc. At the bottom are "Cancel" and "Save" buttons.](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FXPJnHJqI5aqvGouTM54p%2Fimage.png?alt=media\&token=11afdbb9-ca6f-42ae-a92e-71ecdbae3861)
* Click **Save**.
  {% endtab %}
  {% endtabs %}

### Step 4: Create a pipeline in Observo

In Observo, a pipeline connects a data source to a destination. You can optionally add transforms to your pipeline. Transforms can be used to structure, enrich, filter, mask, and redact personal information from your data.

1. In your [Observo console](https://app.observo.ai/), click **Pipelines**, then **Add a new Pipeline**.
2. Configure the pipeline:
   * For the source, select the source you created in Step 1.
   * For the destination, select the destination you created in Step 3.
   * (Optional) Add any desired transforms.
3. Click **Save pipeline**, then **Deploy**.\
   ![A "Panther VPC Flow Logs" header is over a "Confirmation" sub-header. There are fields for Pipeline Name and Description (optional). At the bottom, a Save pipeline button is expanded, showing a menu with "Save as draft" and "Deploy"](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FJ4Qk0hePCQP4HI78htBy%2F2024-04-19_13-10-29.png?alt=media\&token=5452a2fb-dc55-4572-ad4b-382c147c25f0)
