Add Custom Definition
Before adding a new custom definition, you should create a new custom definition entry.
1. Click Custom Definition in the left pane.
2. On the Custom Definitions Management screen, click the Add (+) button in the top-right section.
3. Select the type of server.
4. Fields will change based on the type.
File Based server type includes Windows (Server), Windows (Workstation), Linux (Server), Linux (Workstation)
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Groups
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Log Path
The log path represents the directory or location where log files are stored or generated within a system or application.
Category
Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering.
Collection should begin
Select a proper time frame from dropdown.
Initiation or start of log data aggregation or recording within a system or application.
Status
Custom definition can be enabled/disabled from status field.
Event based server type includes Windows (Server), Windows (Workstation)
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Event Type
The user has the option to filter logs using Event Type settings. Filter logs based on the following event types:
· Critical
· Error
· Warning
· Information
Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs.
Event ID
Specific number for specifying event-id.
Keyword
You can filter logs by using Keyword. Keyword filtering is only available for Windows servers. You can type the keyword that you want to use for filtering. VirtualMetric Collector will use it immediately to filter logs.
You can use string and integer keywords.
Notes
Additional area for specifying notes.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
OID (1)
OID can be imported from an internal system (1)
OID (2)
OID can be added manually (2)
· Name: A label or name that is assigned to an OID.
· OID: Unique sequence of numbers used in network management systems like SNMP to identify managed objects in a hierarchical tree structure.
· Regex: Sequence of characters that defines a search pattern, aiding in string matching and manipulation within text.
· Type: Select the type of OID between String and Number
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Status
Custom definition can be enabled/disabled from status field.
As an example, the CSV format should be like this. You should fill the name and oid values.
You can use "1" instead of "String"
You can use "2" instead of "Integer"
"Name1","oidvalue1","String"
"Name2","oidvalue2","Integer"
Example:
Name1,1.3.6.1.4.1.11096.6.1.1.1.2.1.6,1
Name2,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,2
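A pre-import check for this CSV layout, given here as an added example rather than VirtualMetric code. The function name, the strict dotted-decimal OID rule and the duplicate-OID check are assumptions of the example, and sample lines 3-5 are constructed to fail.

```python
import csv
import io
import re

# Dotted-decimal OID with at least two arcs (strictness is this example's assumption).
OID_RE = re.compile(r"\d+(\.\d+)+")
# Type column: the names shown on the page and their numeric shorthand.
TYPES = {"string": "String", "1": "String", "integer": "Integer", "2": "Integer"}

def validate_oid_csv(text):
    """Return (rows, errors); rows holds (name, oid, type) with the type normalised."""
    rows, errors, seen = [], [], set()
    for recno, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not rec:                       # blank line
            continue
        if len(rec) != 3:
            errors.append((recno, "expected 3 columns"))
            continue
        name, oid, typ = (col.strip() for col in rec)
        kind = TYPES.get(typ.lower())
        if not name:
            errors.append((recno, "empty name"))
        elif not OID_RE.fullmatch(oid):
            errors.append((recno, "malformed OID"))
        elif kind is None:
            errors.append((recno, "unknown type"))
        elif oid in seen:                 # same OID listed twice in one file
            errors.append((recno, "duplicate OID"))
        else:
            seen.add(oid)
            rows.append((name, oid, kind))
    return rows, errors

# Records 1-2 follow the page's examples; records 3-5 are constructed to fail.
SAMPLE = """Name1,1.3.6.1.4.1.11096.6.1.1.1.2.1.6,1
"Name2","1.3.6.1.4.1.11096.6.1.1.1.2.1.7","Integer"
Name3,1.3.6..1,String
Name4,1.3.6.1.4.1.11096.6.1.1.1.2.1.6,2
Name5,1.3.6.1.2.1.1.5.0,Text
"""

if __name__ == "__main__":
    good, bad = validate_oid_csv(SAMPLE)
    for row in good:
        print("ok   ", row)
    for recno, reason in bad:
        print("error", f"record {recno}: {reason}")
```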
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Event Type
The user has the option to filter logs using Event Type settings. Filter logs based on the following event types:
· Critical
· Error
· Warning
· Information
Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs.
Source IP Address
Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Category
Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering.
Status
Custom definition can be enabled/disabled from status field.
Stream Based server type includes TCP, UDP, HTTP, SMTP
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Source IP Address
Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Category
Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering.
Status
Custom definition can be enabled/disabled from status field.
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Source IP Address
Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication.
SNMP Trap OID
Unique identifier used to categorize and identify specific events or conditions reported through SNMP traps in network management systems.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Category
Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering.
Status
Custom definition can be enabled/disabled from status field.
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Event Type
The user has the option to filter logs using Event Type settings. Filter logs based on the following event types:
· Critical
· Error
· Warning
· Information
Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs.
Event ID
Specific number for specifying event-id.
Keyword
You can filter logs by using Keyword. Keyword filtering is only available for Windows servers. You can type the keyword that you want to use for filtering. VirtualMetric Collector will use it immediately to filter logs.
You can use string and integer keywords.
Notes
Additional area for specifying notes.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Stream Based queue systems include Redis, Kafka, RabbitMQ, Nats
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Category
Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering.
Status
Custom definition can be enabled/disabled from status field.
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Transaction Definitions
A transaction definition outlines a set of operations treated as a single, atomic unit of work within a database, ensuring all actions either succeed or fail together.
Time Period
Select a proper time period from dropdown.
Specific duration or interval between two points in time.
Timeout
Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted.
Status
Custom definition can be enabled/disabled from status field.
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
URL
It is a web address that specifies the location of a resource on the internet.
Credential Type
Select a proper credential type and credential.
· None
· Basic – Selecting this option provides you with another Field called Credential from where you can select an appropriate option.
· HMAC – Selecting this option provides you with another Field called Credential from where you can select an appropriate option.
· HTTP Header – Selecting this option provides you with another Field called Credential from where you can select an appropriate option.
Content Type
API content type specifies the format of the data being sent or received in an API request or response.
Examples:
· application/json
· application/xml
Time Period
Select a proper time period from dropdown.
Specific duration or interval between two points in time.
Timeout
Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted.
Status
Custom definition can be enabled/disabled from status field.
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
File Name
The name assigned to a file, identifying it within a file system.
Interpretor Type
Select a proper interpreter type from dropdown.
· Exe: An executable file containing machine code that can be run directly by an operating system.
· Shell: The user interface enabling interaction with an operating system, interpreting commands and executing programs.
· Powershell: A command-line shell and scripting language designed for task automation and configuration management in Windows environments.
Credential Type
Select a proper credential type and credential.
· None
· Basic – Selecting this option provides you with another Field called Credential from where you can select an appropriate option.
· HMAC – Selecting this option provides you with another Field called Credential from where you can select an appropriate option.
· HTTP Header – Selecting this option provides you with another Field called Credential from where you can select an appropriate option.
Time Period
Select a proper time period from dropdown.
Specific duration or interval between two points in time.
Timeout
Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted.
Status
Custom definition can be enabled/disabled from status field.
The scripts should be located under the package/scripts directory within the directory found by the agent. If the package/scripts directory does not exist, please create it.
Refer to the following table to understand the fields in the above screen.
Name
A label or name that is assigned to a custom definition.
Retention Period
The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived.
Visibility
To provide visibility to either your own organization or all the other organizations. The options are:
· My Organizations
· All Organizations
Query Editor
A query editor is a tool or interface that allows users to write, modify, and execute database queries, typically providing features for syntax highlighting and error checking.
Time Period
Select a proper time period from dropdown.
Specific duration or interval between two points in time.
Timeout
Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted.
Status
Custom definition can be enabled/disabled from status field.
5. After adding the fields of the custom definition, additional configuration can be added from the advanced settings for some of the types.
1) Select a proper time zone mode.
Use time zone from log file. If none is detected use
Ignore time zone from log file and instead use
2) Select a proper time zone from dropdown.
Sometimes log files can contain different types of date format. Custom date format can be added from this field.
Example 1:
Date: 2022-09-06 05:48:20
Pattern: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
Date Format: YYYY-MM-DD HH:mm:ss
Example 2:
Date: 202209060548
Pattern: \d{12}
Date Format: YYYYMMDDHHmm
Example 3:
Date: 05:48 06.09.2022
Pattern: \d{2}:\d{2} \d{2}\.\d{2}\.\d{4}
Date Format: HH:mm DD.MM.YYYY
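A pattern and a date format only work as a pair: the pattern has to match the timestamp text, and the format has to describe the text that was matched. The added example below (not VirtualMetric code) tests a pair against a sample line before it is saved. The token-to-strptime mapping and the function names are assumptions, and the log lines are constructed.

```python
import re
from datetime import datetime

# Assumed meaning of the Date Format tokens that appear in the page's examples.
TOKENS = {"YYYY": "%Y", "MM": "%m", "DD": "%d", "HH": "%H", "mm": "%M", "ss": "%S"}
TOKEN_RE = re.compile("|".join(TOKENS))

def to_strptime(date_format):
    """Translate a YYYY/MM/DD/HH/mm/ss format string into a strptime format."""
    escaped = date_format.replace("%", "%%")
    return TOKEN_RE.sub(lambda m: TOKENS[m.group()], escaped)

def check_date_definition(line, pattern, date_format):
    """Return (status, datetime or None) for one sample log line."""
    match = re.search(pattern, line)
    if match is None:
        return "pattern did not match", None
    try:
        return "ok", datetime.strptime(match.group(0), to_strptime(date_format))
    except ValueError:
        return "matched text does not fit the date format", None

DOTTED = "05:48 06.09.2022 login failed"   # constructed log line
# Constructed sample lines; cases 1-2 follow the page's Examples 1 and 2.
CASES = [
    ("2022-09-06 05:48:20 service started",
     r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", "YYYY-MM-DD HH:mm:ss"),
    ("202209060548 backup finished", r"\d{12}", "YYYYMMDDHHmm"),
    (DOTTED, r"\d{2}:\d{2} \d{2}\.\d{2}\.\d{4}", "HH:mm DD.MM.YYYY"),
    # Dash-separated pattern against a dot-separated date: nothing is matched.
    (DOTTED, r"\d{2}:\d{2} \d{4}-\d{2}-\d{2}", "HH:mm YYYY-MM-DD"),
    # Pattern matches, but the format describes a different layout.
    (DOTTED, r"\d{2}:\d{2} \d{2}\.\d{2}\.\d{4}", "YYYYMMDDHHmm"),
]

if __name__ == "__main__":
    for line, pattern, date_format in CASES:
        status, parsed = check_date_definition(line, pattern, date_format)
        print(f"{status:45} {parsed}  <- {pattern} / {date_format}")
```

A pair that reports anything other than "ok" on representative lines would leave those events without a usable timestamp, so it is worth running each log source's real line samples through the check.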
Sometimes log files can contain different types of field formats. Custom field parser can be added from this field. After adding a sample you will see data columns under the sample field. Columns can be selected.
A regex can be written to parse the line.
There are two modes in this part. Users can write any word or regex.
Select a proper reader mode.
Ingest all except matched lines: Shows logs that do not contain the written pattern.
Ingest only matched lines: Shows logs that contain the written pattern.
Click the Add button.
You should add (*) to the beginning and end of the expression.
Example: *error*
This is the process of converting data from one format or representation to another. For example, in computing, encoding can refer to converting text characters into binary code for storage or transmission, such as ASCII or UTF-8 encoding.
Select a proper encoding type from dropdown.
6. After adding all required fields click SUBMIT.