External mapping utilizing a join condition in query


I recently had the challenge of having to do an external mapping db  lookup, but needed to use a join condition for my results.  Not much  attendtion has been paid to the more comlex queries that some times need  to be don ein order for these thing to work.  So I decided to share  what I came up with so as to help anyone else out who has similar need.

First  I mapped an event EVENTID to exteranlID and use that value in my  query.  There are many ways to do this I chose to do it through the  console.

extmap.0.properties to include join condition.

jdbc.class=sun.jdbc.odbc.JdbcOdbcDriver      - MSSQL  I believe it will different for Oracle and other DBs.
jdbc.url=jdb:odbc:Arcsight_myodbc             -  This is the ODBC we created for a connector on the machineso I I  used it and it works, documentation will state to create an ODBC string.

jdbc.password=myobfuscatedpw                  - This is the obfuscated pw created using the Arcsight utility.

Jdbc.query=select  a.primarykey as primarykey, a.field1 as field1, b.field2 as field2   from table1 as a  JOIN  table2 as b on a.field1 = b.field3 \

Where a.primarykey in (?\u0000?)

b.field3 is the key on the second table needed to get b.field2.

field1 gets mapped to setter0
field2 gets mapped to setter1

KB should be written on these more complex queries in addition to the easy ones

Comment List
Parents Comment Children
No Data