000026912 - How to add custom meta keys in RSA Security Analytics compared to RSA NetWitness NextGen

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026912
Applies ToRSA Security Analytics
RSA Security Analytics Decoder
RSA Security Analytics Log Decoder
RSA Security Analytics Concentrator
RSA Security Analytics Broker
RSA NetWitness NextGen
IssueHow to add custom meta keys in RSA Security Analytics compared to RSA NetWitness NextGen.
How is the process of adding language keys different in Security Analytics than the process on NetWitness NextGen appliances?

In RSA Security Analytics, a change was made from the RSA NetWitness NextGen implementation that affects how custom language keys (stored in the index-<service>.xml files on the appliances) are preserved after version upgrades.


Beginning in RSA Security Analytics 10.0, upgrading from an RSA NetWitness NextGen version (9.8 and below) replaces the existing index-<service>.xml file (i.e. index-broker.xml) with a new default file that remains static through future upgrades.  A new custom XML file, index-<service>-custom.xml (i.e. index-broker-custom.xml) has been created to house any custom meta keys, which--unlike the index-<service>.xml file--will not be modified or overwritten during a subsequent upgrade.


This change was necessary to allow the index process and upgrades to be completed in an efficient manner while still providing customers with the flexibility to add their own meta keys and not forgo any features they have grown to appreciate.


For full instructions on creating meta keys, refer to the document entitled How to add custom keys in Security Analytics 10.0 and higher.



If you have any questions about the information above or experience any issues, contact RSA Support and quote this article ID for further assistance.

Legacy Article IDa63114