Site Search
Security business menu
Security business
HOME
To be elected
cause
Service
Handling Manufacturer
Examples/reports/
Blog/Glossary
Seminar/
video on demand
TOP
Products/Services
Specifications/Technical Information
solution
User stories
support
Seminar content
Evaluation machine application/FAQ
Document request
inquiry
Event/Seminar
video on demand

Is it possible not to import data containing specific characters?

It is possible by the control on the index server side.
Settings are made in two configuration files, "props.conf" and "transforms.conf".

Below is a sample configuration.

----------------------------------------
■props.conf
[wmi]
TRANSFORMS-test=testnull
----------------------------------------

* Since wmi is a source type, it is necessary to set it according to the customer's environment.

----------------------------------------
■transforms.conf
[testnull]
REGEX=^EventCode=(592|593)
DEST_KEY=queue
FORMAT=nullQueue
----------------------------------------

*testnull must be associated with the props.conf setting definition.
* In REGEX, specify the pattern of events that you do not want to import with regular expressions. In the example, if EventCode=592 or EventCode=593 exists in the log, it will not be captured.
*Use the DEST_KEY and FORMAT settings as they are.

After the above settings, restart the index server.

to previous page