Logger Reporting package - byte count by day

File uploaded by pbrettle on Apr 24, 2015
Version 1Show Document
  • View in full screen mode

With the release of Logger 5.5 Patch 1 focusing on raw GB/day for licensing and a recent need to provide that info to a prospect at a Logger POC, I worked with a few members of the team to create a report that outputs GB/day based on raw byte counts collected by Logger.

 

The process outlined in this guide covers the following 5 areas:

1. Creating a new report category (folder) for the new ByteCount query and report

2. Creating the underlying ByteCount query to access the ArcSight Logger CORRe data store and sum raw byte information

3. Running the ByteCount report

4. Using iPackager in Logger to export the report category (folder), report, and underlying query (exports a .cab file, and a .config file)

5. Using “Deploy Report Bundle” in Logger to import the report folder, report, and underlying query (imports the .cab file)

 

Attached zip file includes the import CAB (works across multiple Logger versions), the CAB config file, and a document that has screen shots / steps end to end to create, run, use, export, and import a report.

 

Thank you to Aaron Kramer for the underlying query to use for the byte count query, and thank you to Dave Empringham for the pointer to an earlier iPackager report migration as well as for testing out the import.

 

Please note that this reporting package was created by Paul "MacGyver" Carman. All reporting templates and queries are provided "as-is" and are not directly supported or provided by HP. Please use, test, customize and share what you have.

Outcomes