Highlighted
597 views

Automated CSV import into Manager

Jump to solution

Hello,

Would you, please, tell me, is it possible to configure a  Smart Connector to import CSV file (which contains events) from exact  drectory of another server on the net? What connector should be  selected? Is there any other solution to automate this kind of process?

Thank You.

Labels (2)
0 Likes
Reply
1 Solution

Accepted Solutions
Highlighted
Absent Member.
Absent Member.

Ah, I think I know...

If the events are already in the csv and you want to read them there is a default setting you need to change to get it to work. You need to tell your connector to NOT start at the end of the file. By default it will begin reading for events at the end of the file, that way it never reads old events. You WANT it to read old events so you need to tell it to not start at end.

View solution in original post

0 Likes
Reply
8 Replies
Highlighted
Established Member..
Established Member..

It depends on what you're trying to do.  Are you just looking at building a basic flexconnector to read in the events like any other connector, or are you looking to pull the events into an active list?  From the phrasing of the question, it sounds like you simply have a CSV that contains events and you want to read them in, which would just use a normal filereader flex connector.

0 Likes
Reply
Highlighted

Thx. Yes, I have a bunch of events in CSV format from a remote source. The task of installing ArcSight FlexConnector File seems quite clear, but I am wondering if ArcSight supports events from CSVs, because somehow I can't extract events from that csv. I was tokenizing the file and it seemed to be ok, but still Connector could not recognise the events in that file. An examlpe of event looks like this:

2010.9.10 13:18;nordlb1528;;Tomas Krivelis Klaipëdos KAS, Vadybininkas;blankas_j1;30702

So it is 6 tokens. I've set delimiter to ; and modified the value of time format in .sdkfilereader.properties (token[0].format=yyyy.MM.dd HH\:mm\:ss).

Gintas

0 Likes
Reply
Highlighted
Established Member..
Established Member..

One problem I see is you're looking for seconds in the timestamp format, but the actual timestamp only uses HH:mm

Try this:

delimiter=;

#Uncomment the next line if you need it

#text.qualifier="

trim.tokens=true

contains.empty.tokens=true

token.count=6

token[0].name=endTime

token[0].type=TimeStamp

token[0].format=yyyy.MM.DD HH\:mm

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Ah, I think I know...

If the events are already in the csv and you want to read them there is a default setting you need to change to get it to work. You need to tell your connector to NOT start at the end of the file. By default it will begin reading for events at the end of the file, that way it never reads old events. You WANT it to read old events so you need to tell it to not start at end.

View solution in original post

0 Likes
Reply
Highlighted

Chris,

I was trying both of the ways, either

yyyy.MM.DD HH\:mm

and

yyyy.MM.DD HH\:mm\:ss

But still parsing was unsuccessful.. Thank you anyway

0 Likes
Reply
Highlighted

Hi, Justin,

Looks like that was the reason. Now I do have those events in Manager. I've changed value of

agents[0].startatend=true

to

agents[0].startatend=false

in agent.properties file.

Thank you

Regards,

Gintas

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Excellent! I'm glad that worked for you. Sorry for being vague, I couldn't remember the exact value off the top of my head

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

I'm responding to your original question, and not the whole thread, and au usual my suggestion goes in a whole nother direction.

Getting a file from an exact directory from another machine can be accomplished with SCP, or NFS (if *NIX) be sure to read these

warnings about how to secure NFS:

http://www.linuxsecurity.com/content/view/117705/49/

A Windows Universal Connector can be modified as a "replay connector" using, I believe a csv file containing events, I'm not sure

from your post if this is the desired result but those events can be processed by the ESM Rules Engine.  This is done by ArcSight

Education in the ACSA class.

Cheers, KauaiDave

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.