Highlighted
Absent Member.
Absent Member.
1322 views

List of Reporting Devices to Arcsight on Daily Basis

Hi Friends,

I want to create a report for checking the devices which is reporting and not reporting to Arcsight.Please find the below screen shots of Query I have created for the same and let me know weather its wrong or do we have any way for generating the above mentioned report.

Thanks,

Sreekanth

0 Likes
13 Replies
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi Sreekanth,

The query is correct but it will only provide you devices which are sending logs to ArcSight in time period you run the report. Devices which are configured to send the logs but did not send any events for the report time period will not reflect in the report.

If you can tell me the complete steps of what u have done till now, I would be able to direct u  further.

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi Abhi,

Thank You for the reply,

  I haven't applied this query . My requirement is every 3-5days /weekly i want to cross check the devices which are reporting and not reporting to Arcsight.Otherwise need to know from the master list which all devices has not reported since last mentioned week (say 1 week) this would be perfect!!!

Thanks in Advance,

Sreekanth K

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi Sreekanth,

For your requirement the best method is to create a report template which contains a fixed table of master list and second variable table containing list of device addresses, hostnames and event count reported which will be populated using your query.

For this report you can make use of trends so the report generation is faster and there will be less load on ArcSight. The trend can be run on daily basis at a fixed time to collect data for a period of 1 week.

Highlighted
Valued Contributor.
Valued Contributor.

Re: List of Reporting Devices to Arcsight on Daily Basis

Can you please help me , I am new to arcsight .

-- I have a list of DCs for which i want a report and status of the devices last event reported and current status of the devices. 

 

 

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

You wouldn't happen to have some details on the steps on how to create a report like this, would you?

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

I do have the details but would like to know anything specific you are trying to look for?

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi Abhijith / Adam,

  Thank You for your reply, I am in the task of creating a master list since its just implemented only and stll adding the devices.My main target is a checklist twice in a week weather all the devices which is integrated to Arcsight is reporting or not..!

Thanks,

Sreekanth K

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi All,

I used this query "Event ID Is NOT NULL" in an active channle for testing, but it is returning around 2 lakh of events attached is the screenshots.

Could you please help me where I could be worng or night require a change.

Thanks

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi!

You can use content of attached package as an example/starting point for your own content.

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

Hi Ivan,

Thanks for support. Could you please help me on how to use this package in brief. I am not aware on how to use this .arb file

Thanks

Ranjit

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: List of Reporting Devices to Arcsight on Daily Basis

In Navigator use tab "Packages", click on "Import" and install this package.Windows 7 2014-02-20 14-01-45 2014-02-20 14-01-48.png

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.