Micro Focus ArcSight Logger

ArcSight Logger delivers a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise machine data.

Integration with LogicHub

Connecting with ArcSight Logger

To connect to ArcSight Logger, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Server URL: Application server URL to connect to the ArcSight Logger. Example: abc.abcd.net or 10.10.10.10.
  • Server Port (Optional): Application server port to connect to the ArcSight Logger (Default is 443).
  • Login ID: The Login ID to connect to the ArcSight Logger.
  • Password: The Password to connect to the ArcSight Logger.

Actions with ArcSight Logger

Search Events

Search event objects in ArcSight Logger.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template for Query: Jinja-templated text containing the search query string to filter/process the events. Example: message CONTAINS {{query_column_name}}.
  • Start Time (Optional): Column name from the parent table to look up the value for start time (Default is Batch start time). Example: 2020-08-25T21:49:46.000-07:00.
  • End Time (Optional): Column name from the parent table to look up the value for end time (Default is Batch end time). Example: 2020-08-26T21:49:46.000-07:00.
  • Search Time (Optional): Select option for search time; it indicates the date field used for searching events (Default is Received Time).
  • Jinja Template for Fields (Optional): Jinja-templated text containing a comma-separated list of fields to show, in order (Default is all fields). Example: {{fields_column1}}, {{fields_column2}}.
  • Number of results (Optional): Maximum number of results to return; must be between 1 and 10,000 (Default is 100).
  • Timeout (Optional): Maximum time per search, in milliseconds, to wait for results (Default is 600000 milliseconds, 10 minutes).
  • Discover Fields (Optional): Select option for discovering fields; it indicates that the search should try to discover fields in the events found. Considered only when Field Summary is set to True; otherwise ignored (Default is False).
  • Jinja Template for Summary Fields (Optional): Jinja-templated text containing a comma-separated list of fields used to calculate the summary when Field Summary is True (Default is empty). Example: {{summary_fields_column1}}, {{summary_fields_column2}}.
  • Field Summary (Optional): Select option for field summary; it indicates whether to use the field summary (Default is False).
  • Local Search (Optional): Select option for local search. True indicates that the search is local only and does not include peers; set it to False to include peers in the search (Default is False).
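The following is an added example, not LogicHub's or Micro Focus's own code, showing how the connection details above (Server URL, Server Port) and the Search Events inputs fit together before a request is sent: the Jinja templates are rendered against one row of the parent table (a minimal {{name}} substitution stands in for Jinja here), the documented defaults are applied, and the documented constraints are enforced (1 to 10,000 results, positive timeout, Discover Fields and summary fields considered only when Field Summary is True). The function and constant names, the request dictionary layout and the sample row are assumptions made for this example; the field names in the sample row are constructed.

```python
import json
import re
from datetime import datetime

DEFAULT_PORT = 443
DEFAULT_MAX_RESULTS = 100
MAX_RESULTS_LIMIT = 10_000
DEFAULT_TIMEOUT_MS = 600_000          # 10 minutes, as documented
DEFAULT_SEARCH_TIME = "Received Time"

_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

# Constructed parent-table row and action inputs used by the demo and the test.
EXAMPLE_ROW = {
    "src_ip": "10.10.10.10",
    "start": "2020-08-25T21:49:46.000-07:00",
    "end": "2020-08-26T21:49:46.000-07:00",
    "f1": "deviceEventCategory",
    "f2": "message",
}
EXAMPLE_INPUTS = {
    "Jinja Template for Query": "sourceAddress = {{src_ip}}",
    "Start Time": "start",
    "End Time": "end",
    "Jinja Template for Fields": "{{f1}}, {{f2}}",
    "Number of results": "500",
    "Field Summary": "False",
    "Discover Fields": "True",      # ignored because Field Summary is False
}


def render_template(template, row):
    """Replace {{column}} placeholders with values from the parent-table row.

    Stand-in for Jinja rendering. An unknown column is an error rather than an
    empty string, so a typo cannot silently widen the search.
    """
    def substitute(match):
        key = match.group(1)
        if key not in row:
            raise KeyError(f"template references unknown column {key!r}")
        return str(row[key])
    return _PLACEHOLDER.sub(substitute, template or "")


def base_url(server_url, port=None):
    """Turn the Server URL / Server Port connection inputs into https://host:port."""
    host = re.sub(r"^https?://", "", server_url.strip()).rstrip("/")
    if not host:
        raise ValueError("Server URL is required")
    return f"https://{host}:{int(port) if port else DEFAULT_PORT}"


def as_bool(value, default=False):
    """Accept real booleans as well as the 'True'/'False' strings a form may send."""
    if value is None or value == "":
        return default
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "1", "yes")


def as_int(value, default):
    """Optional numeric input: empty means 'use the documented default'."""
    return default if value in (None, "") else int(value)


def split_fields(rendered):
    """Comma-separated field list -> list of names, or None meaning 'all fields'."""
    names = [f.strip() for f in rendered.split(",") if f.strip()]
    return names or None


def build_search_request(inputs, row, batch_start, batch_end):
    """Apply the documented defaults and constraints and return the request body."""
    query = render_template(inputs["Jinja Template for Query"], row).strip()
    if not query:
        raise ValueError("search query must not be empty")

    # Start/End Time name a column of the parent table holding the timestamp;
    # when absent, the batch boundaries are used.
    start_col, end_col = inputs.get("Start Time"), inputs.get("End Time")
    start = datetime.fromisoformat(row[start_col]) if start_col else batch_start
    end = datetime.fromisoformat(row[end_col]) if end_col else batch_end
    if start is None or end is None:
        raise ValueError("no time range available (neither column nor batch bounds)")
    if start >= end:
        raise ValueError("start time must precede end time")

    max_results = as_int(inputs.get("Number of results"), DEFAULT_MAX_RESULTS)
    if not 1 <= max_results <= MAX_RESULTS_LIMIT:
        raise ValueError(f"Number of results must be between 1 and {MAX_RESULTS_LIMIT}")
    timeout_ms = as_int(inputs.get("Timeout"), DEFAULT_TIMEOUT_MS)
    if timeout_ms <= 0:
        raise ValueError("Timeout must be a positive number of milliseconds")

    field_summary = as_bool(inputs.get("Field Summary"))
    # Discover Fields and the summary field list only matter when Field Summary is on.
    discover_fields = as_bool(inputs.get("Discover Fields")) if field_summary else False
    summary_fields = None
    if field_summary:
        summary_fields = split_fields(render_template(inputs.get("Jinja Template for Summary Fields"), row))

    return {
        "query": query,
        "start_time": start.isoformat(timespec="milliseconds"),
        "end_time": end.isoformat(timespec="milliseconds"),
        "search_time": inputs.get("Search Time") or DEFAULT_SEARCH_TIME,
        "fields": split_fields(render_template(inputs.get("Jinja Template for Fields"), row)),
        "max_results": max_results,
        "timeout_ms": timeout_ms,
        "field_summary": field_summary,
        "discover_fields": discover_fields,
        "summary_fields": summary_fields,
        "local_search": as_bool(inputs.get("Local Search")),
    }


if __name__ == "__main__":
    print(base_url("abc.abcd.net"))
    print(json.dumps(build_search_request(EXAMPLE_INPUTS, EXAMPLE_ROW, None, None), indent=2))
```

Rendering against a named row rather than free text keeps the query tied to a specific parent-table value, and rejecting an unknown column (instead of substituting an empty string) avoids a template typo turning `message CONTAINS {{query_column_name}}` into a match on everything.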

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: List of events.
{
  "Device": "Logger",
  "Event Time": 1598959891935,
  "Logger": "Local",
  "Receipt Time": 1598960492511,
  "Version": "0",
  "_rowId": "[email protected]",
  "agentSeverity": "2",
  "baseEventCount": 1,
  "destinationUserId": "1",
  "destinationUserName": "admin",
  "deviceCustomString4": "F3B80A1A9548F6FF7A962708E559D967",
  "deviceCustomString4Label": "Session ID",
  "deviceEventCategory": "/Logger/Resource/Dashboard/Configuration/Add",
  "deviceEventClassId": "logger:580",
  "deviceProduct": "Logger",
  "deviceReceiptTime": 1598959891883,
  "deviceVendor": "ArcSight",
  "deviceVersion": "7.1.0.8337.0",
  "endTime": 1598959891883,
  "error": null,
  "fileId": "1369094286720630795",
  "fileName": "Summary",
  "fileType": "Dashboard",
  "globalEventId": 0,
  "has_error": false,
  "message": "Dashboard [Summary] has been added",
  "name": "Dashboard added",
  "startTime": 1598959891883
},
{
  "Device": "Logger",
  "Event Time": 1598959891987,
  "Logger": "Local",
  "Receipt Time": 1598960492511,
  "Version": "0",
  "_rowId": "[email protected]",
  "agentSeverity": "2",
  "baseEventCount": 1,
  "destinationUserId": "1",
  "destinationUserName": "admin",
  "deviceCustomString4": "F3B80A1A9548F6FF7A962708E559D967",
  "deviceCustomString4Label": "Session ID",
  "deviceEventCategory": "/Logger/Resource/Dashboard/Configuration/Update",
  "deviceEventClassId": "logger:582",
  "deviceProduct": "Logger",
  "deviceReceiptTime": 1598959891985,
  "deviceVendor": "ArcSight",
  "deviceVersion": "7.1.0.8337.0",
  "endTime": 1598959891985,
  "error": null,
  "fileId": "1369094286720630795",
  "fileName": "Summary",
  "fileType": "Dashboard",
  "globalEventId": 0,
  "has_error": false,
  "message": "Dashboard [Summary] has been updated",
  "name": "Dashboard updated",
  "startTime": 1598959891985
}
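As an added example (not part of the original page or of LogicHub's code), the snippet below consumes output of the shape listed above: it checks has_error before touching the result list, converts the epoch-millisecond Event Time and Receipt Time values to ISO 8601, measures the receipt lag, and counts configuration-change events per user. The embedded sample is a trimmed copy of the two documented events wrapped in the has_error/error/result envelope the bullet list describes; the envelope layout and the helper names are assumptions of this example.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed from the two documented events; fields not used here are omitted.
SAMPLE_OUTPUT = json.dumps({
    "has_error": False,
    "error": None,
    "result": [
        {
            "Event Time": 1598959891935,
            "Receipt Time": 1598960492511,
            "destinationUserName": "admin",
            "deviceEventCategory": "/Logger/Resource/Dashboard/Configuration/Add",
            "deviceEventClassId": "logger:580",
            "message": "Dashboard [Summary] has been added",
        },
        {
            "Event Time": 1598959891987,
            "Receipt Time": 1598960492511,
            "destinationUserName": "admin",
            "deviceEventCategory": "/Logger/Resource/Dashboard/Configuration/Update",
            "deviceEventClassId": "logger:582",
            "message": "Dashboard [Summary] has been updated",
        },
    ],
})


def events_from_output(raw):
    """Return the result list, refusing to continue when the action reported an error."""
    data = json.loads(raw)
    if data.get("has_error"):
        raise RuntimeError(f"ArcSight Logger search failed: {data.get('error')}")
    return data.get("result") or []


def epoch_ms_to_iso(ms):
    """Epoch milliseconds -> ISO 8601 UTC, keeping the milliseconds exact (no float)."""
    seconds, millis = divmod(int(ms), 1000)
    return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(
        microsecond=millis * 1000).isoformat(timespec="milliseconds")


def receipt_lag_ms(event):
    """How long after the event occurred Logger received it."""
    return int(event["Receipt Time"]) - int(event["Event Time"])


def summarise_config_changes(events):
    """Count configuration-change events per (user, operation) pair.

    The operation is the last path segment of deviceEventCategory
    (e.g. .../Configuration/Add -> 'Add').
    """
    counts = Counter()
    for event in events:
        category = event.get("deviceEventCategory", "")
        if "/Configuration/" not in category:
            continue
        counts[(event.get("destinationUserName", "<unknown>"), category.rsplit("/", 1)[-1])] += 1
    return counts


if __name__ == "__main__":
    events = events_from_output(SAMPLE_OUTPUT)
    for event in events:
        print(epoch_ms_to_iso(event["Event Time"]), f"lag={receipt_lag_ms(event)} ms", event["message"])
    print(dict(summarise_config_changes(events)))
```

The receipt lag is worth tracking: in the documented sample both events arrive about ten minutes after they occurred, so a playbook whose End Time defaults to the batch end time can miss events that happened inside the batch window but had not yet been received when searching on Received Time.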
