I tried to download a pre build rule from "Live " in SA.I opened the downloaded file through Notepad ++ but it is not showing the syntax .
How to view the syntax of the rule?
I renamed it .Now it works .
Your file looks like this?
You have to unzip it again!
Then you will get 3 module files.
module.ftl is your esa rule.
Thanks for the reply.
Once I download the rule from live. I can see only one file which is not zipped
kindly let me know once the file opened in notepad ++,where I can find the folder to unzip to view the modules .
Normally when you download content from live you get a zip file like this "resourceBundle1014340502651945174.zip" .
Included ESA rules packages have the suffix .esaa (also a zip package - unzip again).
then you'll get the modules.*
Thanks for your response .
I downloaded the content from live for RSA Event Source Analysis Rule .
When I opened the ESA rule package have the suffix.esaa in notepad++
The file looks likes the above mentioned format.
But I could not find an option to unzip the suffix .esaa package when I right click on the file to view the modules .
esaa is also a zipped archive. You can try to rename it or use 7zip ;-)
Retrieving data ...