|Applies To||RSA Product Set: NetWitness Platform|
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 18.104.22.168
O/S Version: 7
|Issue||When ODBC event source configured and test connection successful with How to test an ODBC connection from a Log Collector in RSA Security Analytics/NetWitness Platform, The logs show odbc events being published as below.|
However, Investigate->Navigate with device.ip=<EventSourceIP> query, shows no events.
|Tasks||Logs must be coming to Investigate->Navigate page with multiple ip details in device.ip. But, not with original device.ip.|
|Resolution||Follow the below steps to get Original event source ip in device.ip meta key.|