The Undiscovered Country
- Pavan Raja
- Apr 9
Summary:
The document outlines the process of using custom fields in HP ArcSight Logger for enhanced log management and analysis. It starts with setting up maintenance mode, defining field properties like display name, type (Double/BigInteger/DateTime/Text), and a shorter field name. After adding these fields to indexing, values are populated either through MAP files for SmartConnectors or additional data properties for FlexConnectors. The document highlights the versatility of custom fields in applications such as IP-GEO lookups, handling large numbers with BigInt type, extracting domain names from URLs, and financial transaction analysis with Double precision decimal values. It concludes by emphasizing how these custom fields can enrich data beyond Logger's standard functionalities.
Details:
This text is a guide to using HP ArcSight Logger's custom fields to extend data management and analysis. The document begins by explaining the purpose of ArcSight Logger, which is to provide universal log management across various sources and types of logs. It then describes what custom fields are in Logger: user-defined fields added to the Logger schema, with up to 100 new fields allowed.
The document explains how to put Logger into maintenance mode, decide on field properties (display name, type (Double/BigInteger/DateTime/Text), and a shorter field name), then save and exit maintenance mode to add these fields to indexing. It next explains how to populate the custom fields with values. There are two methods: SmartConnectors can use MAP files, while FlexConnectors can set additionaldata properties.
The article covers various applications for custom fields, including adding IP-GEO lookups, handling large numbers with the BigInt type, extracting domain names from URLs, and analyzing financial transactions with double-precision decimal values. It concludes by emphasizing the potential of Logger's custom fields for data enrichment and analysis beyond the standard functionality provided by ArcSight Logger.
This text seems to be about managing and utilizing custom fields in a specific domain, such as law enforcement or transportation systems. Here's a summary of the key points mentioned in the text:
1. **Managing Custom Fields**:
Various functions like search, investigations, summaries, charting, and drill-down are available for working with custom field sets. These fields can be selected, arranged, saved, and utilized efficiently across different scenarios within a specific domain.
2. **Custom Field Sets**:
Users can create and save "sets" of fields which can include names like patrol car, VIN number, locomotive ID, etc., depending on the application (e.g., police cars, auto parts, train tracking). These sets are tailored to particular needs such as tracking GPS data for locomotives or managing unique identifiers in fleet management systems.
3. **Data Lookup and Integration**:
Custom field values can be populated from external sources like vehicle databases used by the police (patrol car), manufacturer part suppliers, and locomotive train tracking services. This integration allows for more comprehensive and accurate data entry without manual intervention.
4. **Security Considerations**:
The text briefly mentions "Security for the new reality," possibly suggesting that managing custom fields in such domains comes with its own security challenges or considerations as systems become more integrated and data-driven.
Overall, this information is focused on enhancing data management efficiency and accuracy within specific business or operational contexts by utilizing customizable field sets tailored to particular needs and integrating data from various sources.