Custom mapping not working

Hi all,

I am trying to map three additional fields to ESM fields as mentioned below, but it's not working. Kindly help me to understand the issue. I have also attached the mapping file.

event.deviceCustomString3=PARAM DEVICE ID

event.deviceCustomString3Label=__stringConstant("Device ID")

event.deviceCustomString4=VAPI NAME

event.deviceCustomString4Label=__stringConstant("File Action")

event.flexString1=INTRUSION URL

event.flexString1Label=__stringConstant("Intrusion Url")

Connector :- SymantecEndpointProtectionDBConfig

Custom map file placed in the below mentioned location:

D:\ArcSight\Connectors\Symantec End Point\current\user\agent\aup\3S3GZ3k4BAB8SNx5Sw==\fcp\custommappings\Symantec\Endpoint_Protection

Thank you all.

Regards

Sandeepa

Absent Member.

Hi Sandeepa,

You can make use of the attached doc on how to do mapping in ESM.

Regards

Hemant

Acclaimed Contributor.

Hi Sandeepa,

Follow Hemant's doc. If the issue persists:

Were you able to see the values in Get Additional data names? getstatus will show whether your additional field mapping is loaded or not!!!

Sometimes there are some bugs in connector versions (ex: 7.1.4.7475.0), especially pull connectors, which don't work as expected. Try different connector versions.

Acclaimed Contributor.

Are you getting raw logs for those fields?

Mr
Valued Contributor.

Hi Everyone,

Thank you everyone for the response, the issue is now resolved. Tried as per the document 4 to 5 times; after a few restarts it worked.

@Hemant, the document was very helpful.

@Balahasan, the issue is resolved, but I was trying the same method as per the document from the beginning of the issue; somehow it finally worked.

@Gayan, yes, we are getting values in raw logs for those fields.

Regards

Sandeepa
