jlf23_231 Absent Member.

Can the connectors be configured for De-Duplication?

john.petropoulo1 Absent Member.

No, they can’t.

To de-dup events the connector would have to have a very accurate understanding of how a device behaves under specific conditions. Today, the connector only categorizes events in very general terms, and doesn’t provide any logic on pulling out the single event that is interesting while suppressing the rest.

This is further complicated if you think about the event mappings and the required fields for proper reporting and correlation. Some products provide a single event that is very useful; however, many split the information over several events and require upstream correlation/tracking.

/J

MaryCordova Frequent Contributor.

Aggregation could achieve some similar results to de-duplication, couldn't it?

andrew.dalbor Outstanding Contributor.

Agree with Mary on that one. Aggregation would achieve pretty similar results depending on the aggregation conditions.

prentice@hpe.co Honored Contributor.

That depends on what you consider duplication.

If you are talking about a log entry from a single device being collected more than once, that shouldn't happen (ideally, but it can...).

If you are talking about a log entry from a single device that the device keeps repeating, the connector can't do much about that.

If you are talking about a group of devices creating multiple copies of the same log entry, you've got other problems (and no, the connector isn't going to help).

Aggregation will not dedupe events. It will collect very similar log entries over a small time period and send a single event with an aggregation count based on the number of log entries, but that is not deduplication.

Apologies for being pedantic, but it seems like it was needed.

jdickinson@hpe. Respected Contributor.

Event duplication in connectors usually happens because there are multiple destinations registered in one connector and forwarding events. 1 destination is likely forwarding to a Logger that in turn is forwarding to the ESM. The other destination is registered to the ESM and is also forwarding events. Look at the event in question; there should be 2 different event IDs and 2 different original agent IDs. If the same event has different event IDs, then it is actually 2 entries in the database. If it also has 2 original agent IDs, then it is coming from one of the other destinations in the connector.

Alternatively, event duplication could be confused with event aggregation. If the log has many similar events that seem to be the same, these can be aggregated so that 1 event is sent to the ESM with an aggregated event count of 1 or more.

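The check described in the last reply (compare event IDs and original agent IDs), combined with the earlier distinction between aggregation and duplication, as an added example that is not part of the original thread. The rows are constructed, and the field names (`event_id`, `original_agent_id`, `aggregated_count`) are assumptions for this sketch, not a product schema.

```python
from collections import defaultdict

# Constructed sample rows standing in for an event export; the key names
# are assumptions for this example, not a product schema.
def row(event_id, agent, device, name, time, agg=1):
    return {"event_id": event_id, "original_agent_id": agent, "device": device,
            "name": name, "device_time": time, "aggregated_count": agg}

EVENTS = [
    row(1001, "agent-A", "fw01", "Deny TCP", "10:00:00"),
    row(1002, "agent-B", "fw01", "Deny TCP", "10:00:00"),
    row(1003, "agent-A", "fw01", "Deny UDP", "10:05:00"),
    row(1004, "agent-A", "fw01", "Deny UDP", "10:05:00"),
    row(1005, "agent-A", "ids01", "Port scan", "10:07:00", agg=12),
    row(1006, "agent-A", "ids01", "Login OK", "10:09:00"),
]

# Fields that decide whether two rows describe "the same" log entry.
CONTENT_KEYS = ("device", "name", "device_time")

def classify(events):
    """Map each content tuple to the explanation the thread gives for it."""
    groups = defaultdict(list)
    for ev in events:
        groups[tuple(ev[k] for k in CONTENT_KEYS)].append(ev)
    result = {}
    for key, rows in groups.items():
        ids = {r["event_id"] for r in rows}
        agents = {r["original_agent_id"] for r in rows}
        if len(ids) > 1 and len(agents) > 1:
            # Separate database entries that arrived via different agents.
            result[key] = "duplicate: second destination path"
        elif len(ids) > 1:
            # Separate entries from one agent: repeated by the device
            # or collected more than once.
            result[key] = "duplicate: same agent"
        elif rows[0]["aggregated_count"] > 1:
            # One entry summarising several similar log lines.
            result[key] = "aggregated, not duplicated"
        else:
            result[key] = "single event"
    return result

if __name__ == "__main__":
    for key, verdict in classify(EVENTS).items():
        print(key, "->", verdict)
```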