jklein Frequent Contributor.

WINC Conditional Mappings

I have a problem mapping more info from event ID 400 (PowerShell Version).

Raw Event : {"System":{"EventId":"400","Version":"","Channel":"Windows PowerShell","ProviderName":"PowerShell","Computer":"COMPUTERNAME","EventRecordID":"3628","Keywords":"Classic","Level":"Information","Opcode":"","Task":"Engine Lifecycle","ProcessID":"","ThreadID":"","TimeCreated":"1522976977881","UserId":""},"EventData":{"%1":"Available","%2":"None","%3":"\tNewEngineState=Available\n\tPreviousEngineState=None\n\n\tSequenceNumber=9\n\n\tHostName=ConsoleHost\n\tHostVersion=2.0\n\tHostId=000000000\n\tEngineVersion=2.0\n\tRunspaceId=000000000\n\tPipelineId=\n\tCommandName=\n\tCommandType=\n\tScriptName=\n\tCommandPath=\n\tCommandLine="}}

I tried using a conditional map, but I'm not sure I'm doing this correctly.

current\user\agent\fcp\winc\windows_powershell\powershell.sdkkeyvaluefilereader.properties
# PowerShell Version Number
conditionalmap[0].mappings[92].event.flexString1=EngineVersion
conditionalmap[0].mappings[92].event.flexString1=__stringConstant(PowerShell Engine Version)


Anyone have any ideas? I would greatly appreciate it!

0 Likes
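
One way to pull EngineVersion out of the `%3` detail block of the raw event posted above, as an added Python example (not part of the original post, and not ArcSight connector code). The function names and the output layout, with `flexString1` paired with a `flexString1Label` field, are assumptions for illustration.

```python
import json

# Raw event as posted above; the System block is shortened for this example.
RAW_EVENT = r'''{"System":{"EventId":"400","Channel":"Windows PowerShell","Computer":"COMPUTERNAME"},"EventData":{"%1":"Available","%2":"None","%3":"\tNewEngineState=Available\n\tPreviousEngineState=None\n\n\tSequenceNumber=9\n\n\tHostName=ConsoleHost\n\tHostVersion=2.0\n\tHostId=000000000\n\tEngineVersion=2.0\n\tRunspaceId=000000000\n\tPipelineId=\n\tCommandName=\n\tCommandType=\n\tScriptName=\n\tCommandPath=\n\tCommandLine="}}'''


def parse_kv_block(block):
    """Turn the tab-indented 'Key=Value' lines of the %3 field into a dict."""
    fields = {}
    for line in block.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue  # blank separator lines, or text that is not a pair
        # Split on the first '=' only: a CommandLine value may itself contain '='.
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()  # empty values (e.g. PipelineId=) are kept
    return fields


def engine_fields(raw_json):
    """Return the version fields of an event 400 record, or None for other events."""
    event = json.loads(raw_json)
    if event.get("System", {}).get("EventId") != "400":
        return None
    kv = parse_kv_block(event.get("EventData", {}).get("%3", ""))
    return {
        # Assumed target layout: value in flexString1, description in its label field.
        "flexString1": kv.get("EngineVersion", ""),
        "flexString1Label": "PowerShell Engine Version",
        "HostName": kv.get("HostName", ""),
        "HostVersion": kv.get("HostVersion", ""),
    }


if __name__ == "__main__":
    print(engine_fields(RAW_EVENT))
```
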
1 Reply
jklein Frequent Contributor.

Re: WINC Conditional Mappings

If my issue is too specific, perhaps someone can provide some more general info.

PowerShell log aside, anyone have any detail on how to do this for an event out of the Security event log? Say I wanted to add an event that isn't parsed by default, how would I go about doing that for WINC?

0 Likes