Highlighted
Contributor.. jfbergeron Contributor..
Contributor..
183 views

agentReceiptTime

Hi,

Is there a way to make a query on the agentReceiptTime field on the logger v.5.2? I tried to do one and I receive the error message: The search cannot be run, there is an error in your query: Field [agentReceiptTime] is not a field that can be searched on. Also, this field seems not indexable.

We are currently migrating events from our old logger to the new one and the original event time, on the migrated events, is stored in the field "agentReceiptTime". On the new logger, the event time is the time where the new logger received the event from the old logger.

Thank you very much!

Jeff

Labels (1)
0 Likes
Reply
1 Reply
Absent Member.. Dean Farrington Absent Member..
Absent Member..

Re: agentReceiptTime

I have never attempted this, so look at it as something to look into only.

Could you use the feature in 5.2 that allows you to add a schema field (via system maintenance) to add the field you need ? if this was not a field that ArcSight already uses I would feel more configent about it. Not sure the ramifications of trying to add a field ArcSight normally uses. Might be worth asking support if you can do this ?

Dean

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.