Highlighted
mgjk Absent Member.
Absent Member.
412 views

Report Writing Tutorial?

Hello Everyone,

First post to the community forum... forgive me if this is easy to find.

Is there a report writing tutorial for Arcsight Logger?  I generated some reports, but there are a lot of features which aren't obvious as to how or why I would use them.  A tutorial going from basic concepts to more advanced features would be very helpful.  The documentation is great at describing what features are and how I would use them, but it doesn't seem to address what they do or why I need them.

Is there such a thing?

Thanks,

Labels (2)
0 Likes
Reply
2 Replies
Vini Acclaimed Contributor.
Acclaimed Contributor.

Re: Report Writing Tutorial?

Hi Mike,

I don't know of any tutorials, the documentation is the best we have.

I would suggest having a look at the existing out-of-the-box reports and use them as a basis to get started.

There are features of the reporting engine which are not very well documented from memory.

If you have any specific questions post them here and we may be able to help.

Vini

0 Likes
Reply
katzmandu1 Absent Member.
Absent Member.

Re: Report Writing Tutorial?

I started writing a huge response about how to write reports for ESM, but then I realized your question was about Logger. D'oh!

The only way to get really good at writing reports for Logger is practice, and even then you'll have quirks and strange results, sometimes.

One resource you can use is to look at the many MySQL query tutorials on-line. The Logger Report Query Engine is all based on MySQL-style queries. If you look at that syntax (like using % as a wildcard, the term "LIKE" instead of "=" etc.) you'll find you can get ahead of the curve.

Also, one of the major restrictions is the Web GUI itself. I find that sometimes the windows with the different event attributes don't draw correctly on different browsers. I've had more luck with the later versions of IE than I've had with FireFox or Chrome.

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.