gportnoy1
New Member.
1155 views

Flexconnector development "merge" keyword

Jump to solution

Does anyone have any documentation on how to use the "merge" parameters in Flex connector development? I've seen some parsers with that keyword in the past and it allows you to merge certain messages together, similar to how multiline parser works, except i believe merge puts messages together based on some commonality in the message. For example, it's perfect for putting together Sendmail logs, where SENDER, ORCPTs, SUBJECT, etc all come in as separate lines via syslog and need to be put together based on the shared MSGID. There is no documentation for it in the Flex Dev guide, but if you do a search, some connector guides refer to various values from merged events (look for "mergedevent")

Alternatively, if someone has already developed such a parser, specifically for Symantec Mail Security Appliances, formerly known as Brightmail Gateway, I'd appreciate it if you could share.

Labels (2)
0 Likes
1 Solution

Accepted Solutions
eugene.afonin@h1 Frequent Contributor.
Frequent Contributor.

Re: Flexconnector development "merge" keyword

Jump to solution

Hi Gary,

here is the one from old KB (pre-HP). Used merge a couple of times myself, saved me from lots of perl scripting.

Cheers!

0 Likes
6 Replies
eugene.afonin@h1 Frequent Contributor.
Frequent Contributor.

Re: Flexconnector development "merge" keyword

Jump to solution

Hi Gary,

here is the one from old KB (pre-HP). Used merge a couple of times myself, saved me from lots of perl scripting.

Cheers!

0 Likes
gportnoy1
New Member.

Re: Flexconnector development "merge" keyword

Jump to solution

Eugene,

Bolshoe spasibo! Exactly what I was looking for.

0 Likes
chrissib Super Contributor.
Super Contributor.

Re: Flexconnector development "merge" keyword

Jump to solution

Heureka!

I was just about to ask if anyone knew about it.

Awesome.

0 Likes
Acclaimed Contributor.. balahasan.v1 Acclaimed Contributor..
Acclaimed Contributor..

Re: Flexconnector development "merge" keyword

Jump to solution

Hi Guys,

I have few Queries regarding the Merge Operation :

1> Merging the fragments in sequence : How to merge the fragmented segments in right order if the fragments are not received in right order by the ArcSight Connector.

Ex:

Ex: 1 Event with multiple Segment and Packets but it is an Singe Event though but the Order of Events are Varying in Order.

<181>Sep 27 03:19:18 cise_prod CISE_Administrative_and_Operational_Audit 00000001234 2 0 2013-09-27 03:19:18.704 +00:00 0000037414 52000 NOTICE Configuration-Changes: Added configuration,

<181>Sep 27 03:19:18 cise_prod  CISE_Administrative_and_Operational_Audit 00000001234 2 2 Name=LDAP_farm2\\\,Subjects In Groups Are Stored In Member Attribute As=Distinguished

<181>Sep 27 03:19:18 cise_prod  CISE_Administrative_and_Operational_Audit 00000001234 2 1 Name=LDAP_farm2\\\,Subjects In Groups Are Stored In Member Attribute As=Distinguished

2> Method to capture the fully merged event for further processing through Tokens or Field Regex's.


The parser executes all instructions(parsing code) in every pass and tokens are mapped with information from current segment. If I need to parse the fully merged event using submessages or extraprocessors, how do I achieve this?

If there is any way to Parse Further on Field Regex's but how Effective Will it be after Parsing the Merged Field

Any Suggestions on this


0 Likes
Larry Super Contributor.
Super Contributor.

Re: Flexconnector development "merge" keyword

Jump to solution

We are looking for the same type of merge event connector for SendMail.   If some has a version to share, it would be greatly appreciated.

Thanks

0 Likes
Highlighted
OBSCyril Frequent Contributor.
Frequent Contributor.

Re: Flexconnector development "merge" keyword

Jump to solution

Hello Gary,

At the end, have you written a whole flex with the merging feature, or re-used the smartconnector, and written an override for the merging ?

I am in the same situation and would like to know, before doing it myself.

Cheers

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.