Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
ekoeller@ameren1
ekoeller@ameren1 Absent Member.
Absent Member.
‎2014-04-29 13:12
593 views

Logger 5.5 bug? rawEvent exports rawMessage

I upgraded the loggers to 5.5 this weekend and I believe there is a bug in the way logger exports events to a file.

We use rawEvent for a troubleshooting use case and have it enabled at the connector appliance.

Since upgrading to logger 5.5, when exporting the rawEvent, it actually exports the rawMessage instead of the rawEvent.  The rawMessage is in CEF and contains too much information for us to quickly troubleshoot network issues.

I submitted a service reqeust for this yesterday.

Here's my export screen showing All fields selected.  And below it is a screenshot of the exported .csv file showing the rawMessage in the rawEvent field.  You can tell that we have preserve rawEvent enabled because the CEF rawMessage field actually contains the rawEvent.

rawEvent5-5export.jpg

rawEvent5-5.jpg

Labels (3)
Tags (1)
0 Likes
Reply
7 Replies
sanhyongt1
sanhyongt1 Absent Member.
Absent Member.
‎2014-05-30 03:42

Re: Logger 5.5 bug? rawEvent exports rawMessage

Hi Ed Koeller,

I can confirm this behaviour as well on software logger 5.5 P1.

Any confirmation from Support on this yet?

Edited: I have logged a case as well for this issue on software logger 5.5 P1. Hope to get this fixed soon.

Thanks.

0 Likes
Reply
ekoeller@ameren1
ekoeller@ameren1 Absent Member.
Absent Member.
‎2014-05-30 04:53

Re: Logger 5.5 bug?  rawEvent exports rawMessage

Hello
,

HP support asked me to patch to 5.5 patch 1 and see if the issue still exists.  I am working through our change management process to apply the patch, but I will report to them that you confirmed the same issue in patch 1.

0 Likes
Reply
CBCJWINN1
CBCJWINN1
New Member.
‎2014-06-13 16:03

Re: Logger 5.5 bug? rawEvent exports rawMessage

I'm also experiencing this problem.  My workaround for now is to add the following to the search string:

| rex "rawEvent=(?<RAW>.*)\scustomerURI="

It's not perfect, but at least I can work with the results in a CSV export using the new RAW field.  An escape "\" is added before some characters, such as "=".


0 Likes
Reply
gportnoy1
gportnoy1
New Member.
‎2014-12-10 20:17

Re: Logger 5.5 bug? rawEvent exports rawMessage

I just ran into this in 6.0, so safe to say this hasn't been fixed yet, unless you know of a workaround?  I need rawEvent it to submit a parser issue, i am sure support is going to have a ball with that. Should be fun.

0 Likes
Reply
ekoeller@ameren1
ekoeller@ameren1 Absent Member.
Absent Member.
‎2014-12-23 22:32

Re: Logger 5.5 bug?  rawEvent exports rawMessage

I tested this on 6.0 patch 1 and the issue still exists.  I requested an update on the support case I submitted.

0 Likes
Reply
ekoeller@ameren1
ekoeller@ameren1 Absent Member.
Absent Member.
‎2015-01-30 17:31

Re: Logger 5.5 bug?  rawEvent exports rawMessage

I was told by HP support that this is expected to be fixed in logger 6.1.

0 Likes
Reply
Highlighted
sanhyongt1
sanhyongt1 Absent Member.
Absent Member.
‎2015-03-13 02:55

Re: Logger 5.5 bug?  rawEvent exports rawMessage

Thanks for the update, Ed Koeller.

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.