Custom Log Source Types

Use the DSM Editor to create and configure a custom log source type to parse your events. If you create a log source type for your custom applications and systems that don't have a supported DSM, JSA analyzes the data in the same way that it does for supported DSMs.

You can select events from the Log Activity tab and send them directly to the DSM Editor to be parsed. Or you can open the DSM Editor from the Admin tab to create and configure a new log source type.

Complete the fields in the DSM Editor with the correct structured data to parse relevant information from the events. JSA uses the Event Category and Event ID fields to map a meaning to the event. The Event ID is a mandatory field that defines the event, and the category breaks down the event further. You can set the Event Category to the Device Type name, or you can leave it as unknown. If you leave the Event Category as unknown, you must set it to unknown for any event mappings that you create for this log source type.

Use the DSM Editor to map the Event ID/Event Category combinations that you parse from your events. Enter the Event ID/Event Category combination into the new entry in the Event Mapping tab. You can choose a categorization of the previously created QID map entry that is relevant to your event, or click Choose QID to create a new map entry.
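The following added example (not part of the JSA documentation and not JSA code) models the Event ID/Event Category lookup offline, so you can check a sample of events for combinations that still need an event mapping before you enter them in the DSM Editor. The key=value event format, the regular expressions, and the mapping labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample events from a hypothetical custom application.
SAMPLE_EVENTS = [
    "2024-05-01T10:00:01Z app=billing cat=auth id=LOGIN_FAIL user=alice src=10.0.0.5",
    "2024-05-01T10:00:02Z app=billing cat=auth id=LOGIN_OK user=bob src=10.0.0.6",
    "2024-05-01T10:00:03Z app=billing id=CFG_CHANGE user=admin",
    "2024-05-01T10:00:04Z app=billing cat=auth id=LOCKOUT user=alice",
    "2024-05-01T10:00:05Z malformed line with no identifier",
]

# Assumed extraction patterns for the two fields used in event mapping.
EVENT_ID_RE = re.compile(r"\bid=(\S+)")
EVENT_CATEGORY_RE = re.compile(r"\bcat=(\S+)")

# Hypothetical mapping table: (Event ID, Event Category) -> meaning.
# Events parsed without a category must be mapped with "unknown".
EVENT_MAPPINGS = {
    ("LOGIN_FAIL", "auth"): "Login failed",
    ("LOGIN_OK", "auth"): "Login succeeded",
    ("CFG_CHANGE", "unknown"): "Configuration modified",
}

def parse_event(line):
    """Return (event_id, category), or None if the mandatory Event ID is missing."""
    event_id = EVENT_ID_RE.search(line)
    if event_id is None:
        return None
    category = EVENT_CATEGORY_RE.search(line)
    return (event_id.group(1), category.group(1) if category else "unknown")

def coverage_report(lines, mappings):
    """Count events per combination: mapped, unmapped, or lacking an Event ID."""
    report = {"mapped": Counter(), "unmapped": Counter(), "no_event_id": 0}
    for line in lines:
        key = parse_event(line)
        if key is None:
            report["no_event_id"] += 1
        elif key in mappings:
            report["mapped"][key] += 1
        else:
            report["unmapped"][key] += 1
    return report

if __name__ == "__main__":
    result = coverage_report(SAMPLE_EVENTS, EVENT_MAPPINGS)
    for key, count in result["unmapped"].items():
        print(f"needs mapping: Event ID={key[0]} Event Category={key[1]} ({count} events)")
    print(f"events without an Event ID: {result['no_event_id']}")
```
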

Creating a Custom Log Source Type to Parse Events

If you have events that are imported into JSA, you can select the events on which you want to base your custom log source type and send them directly to the DSM Editor.

  1. Click the Log Activity tab.

  2. Pause the incoming results and then highlight one or more events.

    Note:

    You can select only a single log source type, and only the events from log activity that match the selected log source type are automatically added to the workspace.

  3. On the navigation menu, select Actions > DSM Editor, and choose one of the following options:

    • If you are parsing known events, select your log source type from the list.

    • If you are parsing stored events, click Create New. Enter a name for your log source type in the Log Source Type Name field and click Save.

  4. In the Properties tab, select the Override system properties checkbox for the properties that you want to edit.