  • How to filter All events between well defined Events

    Hi All, my question is, is it possible to configure a Filter or a search, where the result contains all messages that are between a start and an End-Message? Example: The first (Start-Message) contains a string like this "ccsipDisplayMsg:" The…
  • ArcSight Logger Search and report

    Hello Guys, I am wondering why there are two different dashboard items in the logger (the search dashboard and the report dashboard) as they can do the same things. Also, two different data sources (Logger Report DB and the logger searchDB). …
  • RE: Can we print the query, date and time and user name for the logger search results output in csv file

    I've been told that currently on Logger search there is no option to do this, but there could be a way to do this on reports by creating a logger search report. Could anyone help to confirm this!?
  • event search best practice

    Hi, there was an announcement during the Logger session of the recent Protect 20217 event (Kausalya, Aaron), stating that there is a new guide / document pertaining to best practice of logger search ... where to find it? Thank you!
  • How to override the limits for result events? How to show more than a million records in logger search?

    I wanted to extract events to csv from the result of my search. As I do retrieve more than a million records, I have been shown by the logger only limited results. If I wanted to extract more than that, how do I extract Eg: deviceVendor="Palo Alto Networks…
  • Logger search rights

    Dear All, Is it possible to create a group that just lets its users search some devices/deviceGroup? We would like to restrict the access of the user to just what they need or are allowed to see. Any inputs? Best regards, Karl.
  • Is Multiple lookup possible in a single search query in logger 6.1?

    Hi, I have a situation where my single search query needs to fetch data from multiple lookup files. I am able to do one lookup in the query and I am getting correct data also but as soon as I add another lookup in the same query, it says no result found…
  • Logger Analyze / Search adjust column width

    Hi there, I have a logger search where I only want to show the rawEvent column device time (3 columns). Column width seems to be equal for each column. It is manually possible to change the column width but the setting is not saved. What would be ideal…
  • Logger - Make a field searchable?

    I am getting the following message when trying to search for fileHash for Bit9 alerts. query: fileHash = <hash value> " There was a problem: Field [fileHash] is not a field that can be searched on." according to the ArcSight/Bit9 Connector Field Mapping…
  • Logger Archive Events

    Hey All, I have tried in vain to locate events in our logger indicative of a successful or failed archive job. Logger documentation states that it would either be a Logger:525 or a Logger:528. I have searched via the Logger for both events, for deviceEventCategory…
  • ArcSight Logger Search based on type Conversion

    Hi Friends, Has anyone tried converting the field from String to Integer in the Logger search and applying the Sum/Count Function on it? Is it possible using the regex or other search operators in Logger? Is it possible? Cheers, Bala
  • peer query crashes

    We have 8 loggers peered with one another, with all users searching based on one primary logger. I can consistently create the following error in logger_server.log:     [2015-02-16 10:51:37,425][FATAL][MySQLQueryExecutor4G][closing ResultSet][Thread-68]  …
  • How to Create a Dashboard in Logger

    Hi All, Created a document on "How to create a dashboard in Logger". It also includes a few examples on how to write a saved search query and call them on a dashboard by using the "Add Panel" option. Appreciate your feedback. Regards, Anirudh
  • logger peer search timeouts

    We have 8 loggers peered, with all users logging into one main logger and doing their searches peered. We are seeing consistent errors in the primary logger during peer searches (see below). All loggers are at 6.0. I can get the error with fewer peers…
  • ArcSight Command Center: Your session has timed out. Please login again.

    Hiasdsad
  • Searching specific hour in Logger

    I need to find out after-office-hours logon activities over a one-week period in Logger. I know it can be done in a Logger report query (select ... where hour(endTime) < 8 and hour(endTime) > 18), but how can I do it in Logger search?