Maintaining Table Map and Service Index files
I was wondering if anyone could explain to me what the order is for restarting services (Log Decoder, Log Collector, Concentrator, Broker?)
And what other files (index-concentrator-custom.xml or index-logdecoder-custom.xml) should be modified for these scenarios:
1) Adding new metadata in the table-map-custom.xml, index-logdecoder-custom.xml or index-concentrator-custom.xml files
2) If I create a Custom Feed, which file do I need to update in order to show metadata within the Investigation/Navigate screen?
3) If I deploy an EnVision UDS, which file do I need to update in order to show metadata within the Investigation/Navigate screen?
4) Finally, what's the difference between index-logdecoder-custom.xml and index-decoder-custom.xml?
Frankly, I don't get when to update an XML file (...and which one) and when to restart the services and in what order.
Actually, I'm restarting all services at once, and if I add some metadata in, for example, index-logdecoder-custom.xml, I also add it to index-concentrator-custom.xml and vice versa.
Thank you all in advance for your responses.
table-map-custom.xml - File used for defining the meta key for parsing the meta values. This file exists on the Log Decoder.
index-logdecoder-custom.xml - File used for indexing the meta values so that they show up in the Investigation page against the Log Decoder. However, the Log Decoder focuses only on parsing and is not designed for indexing, so defining values in this file is not recommended.
index-concentrator-custom.xml - File used for indexing the meta values so that they show up in the Investigation page against the Concentrator.
index-logdecoder-custom.xml is located on the Log Decoder, and index-decoder-custom.xml is located on the Packet Decoder.
How to edit all these files is explained in the KB below.
The Archiver will have index-archiver-custom.xml. But the meta that is going to be defined in index-archiver-custom.xml should exist in the Meta Include list. Otherwise, that meta can't be indexed.
Please use the document below for Meta Include details.
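
The split described in the answer (table-map-custom.xml defines what the Log Decoder parses, index-concentrator-custom.xml defines what the Concentrator indexes) can be checked offline before restarting anything. The script below is an added example, not part of the original thread or RSA's tooling; the XML layout it assumes (`mapping` elements with `nwName`/`flags`, `key` elements with `name`/`level`) and the sample keys are assumptions and constructed data.

```python
import xml.etree.ElementTree as ET

# Constructed sample files. Element and attribute names are assumed from the
# usual layout of these files; check them against the copies on your own hosts.
TABLE_MAP_CUSTOM = """<mappings>
  <mapping envisionName="badge_id" nwName="badge.id" flags="None" format="Text"/>
  <mapping envisionName="door_name" nwName="door.name" flags="None" format="Text"/>
  <mapping envisionName="raw_blob" nwName="raw.blob" flags="Transient" format="Text"/>
</mappings>"""

INDEX_CONCENTRATOR_CUSTOM = """<language level="IndexNone" defaultAction="Auto">
  <key description="Badge ID" name="badge.id" format="Text" level="IndexValues" valueMax="10000"/>
  <key description="Legacy Key" name="legacy.key" format="Text" level="IndexKeys"/>
</language>"""


def mapped_keys(table_map_xml):
    """Meta keys the Log Decoder parses and keeps (assumption: Transient = not kept)."""
    root = ET.fromstring(table_map_xml)
    return {m.get("nwName") for m in root.iter("mapping")
            if m.get("nwName") and m.get("flags", "None") != "Transient"}


def indexed_keys(index_xml):
    """Meta keys the Concentrator index file actually indexes."""
    root = ET.fromstring(index_xml)
    return {k.get("name") for k in root.iter("key")
            if k.get("name") and k.get("level", "IndexNone") != "IndexNone"}


def compare(table_map_xml, index_xml):
    """Report keys present in one custom file but not the other."""
    mapped, indexed = mapped_keys(table_map_xml), indexed_keys(index_xml)
    return {
        # Parsed on the Log Decoder but has no Concentrator index entry
        "parsed_not_indexed": sorted(mapped - indexed),
        # Indexed, but no custom mapping produces it (may come from default files)
        "indexed_not_mapped": sorted(indexed - mapped),
    }


if __name__ == "__main__":
    for finding, keys in compare(TABLE_MAP_CUSTOM, INDEX_CONCENTRATOR_CUSTOM).items():
        print(f"{finding}: {', '.join(keys) or 'none'}")
```

Keys reported as `indexed_not_mapped` are only missing relative to the custom table map; they may still be defined in the default files, which this check does not read.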