Hi,
I need to define a static field on a data source, like ‘datacenter=Paris’. What is the best way to achieve that ?
Thanks
how to define a static field on a data source
Userlevel 1
Userlevel 2
+3
Hello,
You can do this by using enrichment.
You can add a custom enrichment source which contains the data source and datacenter information. Then this source can be used in enrichment policy with rules like; data source must be present for the enrichment criteria, and data source matches the one in the csv.
This will add additional fields to the logs based on your enrichment source, like “datacenter=Paris”
Hope this answers your question.
Userlevel 1
+3
Hi Jerome,
Rupsan’s answer is definitely the recommended way to go.
Alternatively, if you find that you are using normalization packages instead of compiled normalizers for the said device, then you can also clone the corresponding vendor normalization packages and edit the signatures to add a new field as datacenter = Paris.
Userlevel 1
Hi,
both previous answers are correct, nevertheless there is an other way by creating a labeling package and add Paris as a label to the logs.
Greetings
Irakli
Reply
Sign up
Already have an account? Login
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInLogin to the community
Already a Partner or Customer? Login with your LogPoint Support credentials. Don‘t have a LogPoint Support account? Ask your local LogPoint Representative. Only visiting? Login with LinkedIn to gain read–access.
LOGIN AS PARTNER OR CUSTOMER Login with LinkedInEnter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.