Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
victormanuel1
Cadet 1st Class
Cadet 1st Class
‎2020-12-14 10:48
216 views

Have the same indexed fields in logger and ESM

Jump to solution

It would be good practice, to have the same fields indexed in logger and ESM. With the evolution that ArcSight will this change?

0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
toor
Micro Focus Expert
Micro Focus Expert
‎2020-12-14 11:43

Jump to solution
Yes, that will change as both products will be changed in the future in regards to how they store their events. Logger will be merged together with RECON which as of today already uses the new unified data lake solution underneath.
 
ESM as well will be changed in the way it stores data and be using the unified data lake in future versions. While we are seeing this as a fairly complex change to the heart of ESMs architecture, we still target July for that to happen (but this is ideal and might change).

View solution in original post

Reply
Report Inappropriate Content
1 Reply
toor
Micro Focus Expert
Micro Focus Expert
‎2020-12-14 11:43

Jump to solution
Yes, that will change as both products will be changed in the future in regards to how they store their events. Logger will be merged together with RECON which as of today already uses the new unified data lake solution underneath.
 
ESM as well will be changed in the way it stores data and be using the unified data lake in future versions. While we are seeing this as a fairly complex change to the heart of ESMs architecture, we still target July for that to happen (but this is ideal and might change).

View solution in original post

Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.