  • Time format

    Hi, I receive data through the API, and by default it comes in JSON format with collections. The date/time has the following form: 2024-07-02T22:13:39.714000. Next, I convert this data into CEF format and use the Flex Connector Regex File to send the…
  • time ranges in ESM Console (+ECC) not filtering out events - clarifications needed

    Hello to everybody, I have some issues working with time ranges in ESM Console or in ESM Command Center (by using the where keyword). I would like to search for different events during a period of multiple days, but before+after working hours, and I tried…
  • Use timestamps in rule's condition

    Hi, I would like to use timestamps in the conditions panel. More specifically, we sometimes get events with older timestamps or timestamps in the device custom date key. I would like to set up a rule that only triggers if these timestamps are not…
  • Parse MM:dd:yy HH:mm:ss timestamp

    My log timestamp is formatted "04/15/19 13:43:28", so how do I map it to the device.receiptTime field? My config file is below, but it can't parse it. token[2].name=Timestamp token[2].type=TimeStamp token[2].format=MM\:dd\:yy HH\:mm\:ss
  • Filter does work, but the rule - not

    I've got an unusual issue with our instance of ArcSight (it's quite an old version, 6.9.1c Patch 2). I've tried to create a rule for each first event that contains a logon (or failed logon) to AD of any user. So first I've created a filter that catches all…
  • RE: Date Conversion problem in Flex CSV file

    In the past I found this document on this forum. Maybe it can help you.
  • RE: endtime parsing problem

    Hello, try reading this document. I hope you will find the answer in it.
  • FlexConnector Timestamp Conversion - SharePoint ULS Log

    I have a need to process data from SharePoint ULS logs using a custom FlexConnector. I am having trouble converting the timestamp in these logs properly. An example of a timestamp in the ULS log is: 03/29/2016 18:34:02.68 My sdkfilereader.properties file…
  • FlexConnector timestamp format to process exported Windows Event Log timestamp

    I have a need to configure a FlexConnector (multiple folder file) to process exported Windows Event Logs instead of using the Windows Event Log SmartConnector(s) that are available. I am having an issue trying to figure out what timestamp format I need…
  • Accessing Current Time ($Now) with a Variable

    I have a use case where I want to compare a timestamp field in an Active List entry to the current time (like Python's datetime.datetime.now()) using TimeDifferenceInMinutes, only to discover that ArcSight has no equivalent of the $Now variable to…
  • MS DNS Connector TimeStamp

    Hi, we have just discovered that the standard multi-file reader MS DNS connector does not have an option in the timestamp processing for the European timestamp format (dd/MM/yyyy HH:mm:ss). This is an extract from the unobfuscated parser: event.deviceReceiptTime…
  • create timestamp from "Oct 22 11:23:33"

    Hi, I have to parse this type of time expression to endTime, but there is no year section, and the month is indicated as a word like Oct, Feb, etc. Can you help me convert this month to a regular integer and add the current year? create timestamp from "Oct 22 11…
  • TimeStamp is not working with one xml flex but with the other?

    I am facing the problem that I have two xml flex connectors, of which one is able to parse the TimeStamp of an expression correctly. The other one, though, has problems parsing it correctly. The one which is working looks like the following: Event: <?xml…
  • How can I parse a dMMMyyyy date format and a HH:mm:ss time format into a timestamp (in a fixed-format log file of a flexconnector)?

    Hello, I am having some trouble when programming a flexconnector: the log file has a date in dMMMyyyy format (for example 1Ago2015) and a time in HH:mm:ss. So I am trying to get a timestamp like "1ago2015 21:02:36". I have tried many ways and anyone…
  • IIS on Windows 2008 Intermittent log collection issues

    Hi All, I have been investigating an interesting problem with IIS on Windows 2008 and above. Has anyone here experienced intermittent issues with IIS log collection? I have had a number of complaints lately and we have found out that there is an actual…
  • Token function on submessages

    Hi All, I have been trying to figure this out for some time now and I do not see where I am going wrong. Extract of my properties file: submessage[0].pattern.count=1 submessage[0].pattern[0].regex=\\S \\s(\\d{1,2}\\/\\d{1,2}\\/\\d{1,2})\\s\\S \\s(\\d{1,2}…
  • Timestamp issue -unable to parse the time format

    I am developing a log file flex connector where we have the timestamp format 2014-01-25 20:35:33 11:00. When tokenizing the time as yyyy-mm-dd hh:mm:ss z for (2014-01-25 20:35:33 11:00), it's not getting parsed. Kindly advise if anyone has encountered this kind of…
  • Oracle time flex, indexing timestamp

    Hello all, we have developed a time-based DB flex connector to query an Oracle database. However, there is high load on the DB caused by the connector with this query: select * from dm_audittrail_s where TIME_STAMP>=? The TIME_STAMP column is not indexed, but…
  • I suck at FlexConnector timestamp parsing.

    I've got a space delimited log file, and I'm trying to get the timestamp from the following two tokens. Any ideas? 2013-02-01 "[01/Feb/2013:00:19:47 -0600]" I've parsed out the first token as a Date object, and I extracted the important string from the…
  • Epoch time formatting help

    I'm trying to format an epoch timestamp that comes in like this 1359561337.362 My token declarations look like this: token[0].name=Token0 token[0].type=TimeStamp token[0].format=yyyy-MM-dd HH:mm:ss:SS and my token assignment looks like this: event.deviceReceiptTime…
  • SmartConnector not logging anything.

    I have a custom smartconnector setup on a few servers that is taking a manually (scripted) parsed logfile. An example entry looks like the following: 12:08:36,351|INFO|[org.jboss.as.jmx.JMXConnectorService]|(MSC service thread 1-2) Starting remote JMX…
  • Time stamp error rule

    Hi, I need to create a rule for Time stamp errors. What I actually want is a rule to be triggered if the Time stamp difference between End Time and Manager Receipt Time is more or less than 24 hours. Please let me know the parameters which will satisfy…
  • Mix of US & Europe timestamps?

    Hello, I'm writing a FlexConnector (multiple folders) to parse several log files. Problem: files are exported from several sites around the world and the timestamp formats are not configured in the same way: Some formats are: "dd/MM/yyyy HH:mm:ss" Others…
  • Access Timestamp attributes

    Hi all! I intend to collect particular event counts per day (or hour) and have these events directly grouped within the ActiveList or Trend. The original timestamp fields like $endTime are not suitable for my purpose because these are too precise (->…
  • Retaining original timestamp on cases after import

    We are using ArcSight ESM 4.0. We recently moved from a backup ESM back to our primary. Prior to the move I backed up all of the cases to a bundle and imported that bundle into the primary ESM. After the import I noticed that the "Created by" information…
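Several of the threads listed above ("Parse MM:dd:yy HH:mm:ss timestamp", "FlexConnector Timestamp Conversion - SharePoint ULS Log", "create timestamp from "Oct 22 11:23:33"", "I suck at FlexConnector timestamp parsing." and "Epoch time formatting help") come down to the same thing: a FlexConnector TimeStamp token format is a java.text.SimpleDateFormat pattern, and the pattern has to match the sample value character for character. The snippet below is an added example, written for this page and not code from any of the posts or from the ArcSight connector itself; it checks candidate patterns against constructed sample values of the shapes quoted in the summaries, in plain Java, before they go into a properties file. The class name, the helper and the UTC/US-locale choices are assumptions for the demonstration.

```java
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.util.Locale;
import java.util.TimeZone;

// Added example (not code from any post above): FlexConnector TimeStamp token
// formats follow java.text.SimpleDateFormat, so a candidate pattern can be
// checked against a sample value in plain Java before it goes into the
// properties file. All sample values below are constructed to match the
// shapes quoted in the thread summaries.
public class TimestampPatterns {

    // Parse one value with one pattern under a fixed locale and time zone, so
    // the result does not depend on the host the connector happens to run on.
    static Instant parse(String pattern, String value, Locale locale, TimeZone zone)
            throws ParseException {
        SimpleDateFormat f = new SimpleDateFormat(pattern, locale);
        f.setTimeZone(zone);
        f.setLenient(false); // reject out-of-range fields instead of rolling them over
        return f.parse(value).toInstant();
    }

    public static void main(String[] args) throws ParseException {
        TimeZone utc = TimeZone.getTimeZone("UTC");

        // "04/15/19 13:43:28": the separators are slashes, so the pattern must
        // use slashes too; a pattern written with colons (MM:dd:yy) cannot match.
        Instant t1 = parse("MM/dd/yy HH:mm:ss", "04/15/19 13:43:28", Locale.US, utc);

        // "03/29/2016 18:34:02.68": S is milliseconds, not a decimal fraction, so
        // ".68" parses as 68 ms rather than 680 ms. Pad the fraction (or
        // post-process the value) if that precision matters.
        Instant t2 = parse("MM/dd/yyyy HH:mm:ss.SS", "03/29/2016 18:34:02.68", Locale.US, utc);

        // "[01/Feb/2013:00:19:47 -0600]": MMM is an English month abbreviation
        // (so the locale matters) and Z consumes the numeric zone offset; the
        // brackets, slashes and colons are plain literals in the pattern.
        Instant t3 = parse("[dd/MMM/yyyy:HH:mm:ss Z]", "[01/Feb/2013:00:19:47 -0600]", Locale.US, utc);

        // "Oct 22 11:23:33": no year in the input, so SimpleDateFormat defaults
        // the year to 1970; the current year has to be supplied separately.
        Instant t4 = parse("MMM dd HH:mm:ss", "Oct 22 11:23:33", Locale.US, utc);

        // "1359561337.362": epoch seconds with milliseconds is not a date
        // pattern at all; convert it numerically instead of trying a
        // yyyy-MM-dd style format on it.
        Instant t5 = Instant.ofEpochMilli(Math.round(Double.parseDouble("1359561337.362") * 1000));

        for (Instant t : new Instant[] {t1, t2, t3, t4, t5}) {
            System.out.println(t);
        }
    }
}
```

Run it with `javac TimestampPatterns.java && java TimestampPatterns`; a pattern that does not fit its sample value fails with a ParseException at the offending position, which is the same mismatch the connector would silently turn into an unparsed timestamp. Two of the cases above are the ones that bite most often: the month-abbreviation case depends on the locale the connector JVM runs under, and the missing-year case needs the year filled in from somewhere other than the log line.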