Absent Member.

Default severity in FlexConnector?

Hello *,

I'm busy developing a FlexConnector for a customer. The log file is really awful and I'd like to assign a default severity (e.g. low) to events which do not match the classic mapping.

How do I add a default severity to an event? (By default, it is "Unknown").

Can we have multiple conditions for the same severity level?

Example:

severity.map.high.if.deviceSeverity=string1,string2,string3

severity.map.high.if.deviceCustomString2=string4,string5,string6

Thanks!

/x

Cadet 2nd Class

I guess you can only do this with the severity field, not any other ArcSight field.

Thanks.

Absent Member.

Tx for the feedback!

I've this in my .properties files:

severity.map.high.if.deviceSeverity=string1,string2,string3

severity.map.high.if.deviceCustomString2=string4,string5,string6

And the FlexConnector loaded without error... I'll test further tomorrow with more samples! I'm curious!

Any idea how to set a "default" severity?

/x

Absent Member.

Hi,

This should work; use only this and not the second line -> severity.map.high.if.deviceSeverity= <use the work which is i>

Not sure how this will work -> severity.map.high.if.deviceCustomString2

Thanks,

Asheesh

Absent Member.

I think it should not work with two severity mappings for HIGH with different fields. Test with only the first line, comment out the second, and see the results.

severity.map.high.if.deviceSeverity=string1,string2,string3

#severity.map.high.if.deviceCustomString2=string4,string5,string6
