000033597 - How To Add Additional Meta Keys in Archiver in RSA Security Analytics Core Appliance

Document created by RSA Customer Support Employee on Aug 2, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033597
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Core Appliance
RSA Version/Condition: 10.4.x,10.5.x,10.6.x
 
IssueHow to add additional meta keys into Archiver if it is required.
Resolution
  1. Select Administration->services->config
            User-added image
      2.  Select File->inde-archiver-custom.xml
           User-added image
       3.  Add required meta in index-archiver-custom.xml and press Apply
                   Example meta : category
            User-added image
     4.  Login archiver through console(ssh) and run restart nwarchiver
    
     5.  In Archiver GUI ->general tab -> Stop aggregation
  
     6.  Select the decoder in Aggregated services and edit
             User-added image
        7.    Find the new meta key in meta include  and select
             User-added image
        8.  If you not able to find the meta in meta include restart jettysrv on SA

Attachments

    Outcomes