This topic describes how to add a new or existing data source to the Event Stream Analysis service.
An ESA service ingests data from a Concentrator to detect incidents and alert the user. For ESA to analyze data, you need to configure the sources from which the ESA will read data. Use the procedures in this topic to add data sources for your ESA.
You must have one or more Concentrators configured in NetWitness Suite.
The Event Steam Anaysis service must be installed and running on NetWitness Suite.
You must perform the following steps to add a data source:
- Add an Available Data Source
- Specify username and password for the Data Source
Add Existing Services as Data Source
- Go to ADMIN> Services.
The Services view is displayed.
- In Services view, select an ESA service and select > View > Config.
- On the Data Sources tab, click .
The available services are displayed as shown in the following figure.
- Select one or more Concentrators and click OK.
The service is added to the list of services in the Data Sources tab.
- (Optional) Click Enable to enable the data source.
- Click Apply to save the configuration.
Specify Username and Password for the Data Source
To specify the username and password for the data source: