Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION
anuyamunan Absent Member.
Absent Member.

What is the best way to fetch raw events based on specific criteria (event IDs and time duration) from ArcSight ESM using the API?

We would like to fetch logs of certain recent events from ArcSight ESM within a time duration, say the most recent hour. Based on our research, it looks like there is no way to send a time duration within the web services API call. Anyone has tried this?

The idea is to create the Query Viewer service to look at the last hour's information and get the associated events. Any insights on this?

Labels (2)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.