Add Custom Definition
Before adding a new custom definition, you should create a new custom definition entry.
1. Click Custom Definition in the left pane.
2. On the Custom Definitions Management screen, click the Add (+) button in the top-right section.
3. Select type of Server.
4. Fields will change based on the type.
File Based server type includes Windows (Server), Windows (Workstation), Linux (Server), Linux (Workstation)
Refer to the following table to understand the fields in the above screen.
Fields | Description |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Groups | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Log Path | The log path represents the directory or location where log files are stored or generated within a system or application. |
Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
Collection should begin | Select a proper time frame from dropdown. Initiation or start of log data aggregation or recording within a system or application. |
Status | Custom definition can be enabled/disabled from status field. |
Event based server type includes Windows (Server), Windows (Workstation)
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Event Type | The user has the option to filter logs using Event Type settings. Filter logs based on the following event types: · Critical · Error · Warning · Information Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs. |
Event ID | Specific number for specifying event-id. |
Keyword | You can filter logs by using Keyword. Keyword filtering is only available for Windows servers. You can type the keyword that you want to use for filtering. VirtualMetric Collector will use it immediately to filter logs. You can use string and integer keywords. |
Notes | Additional area for specifying notes. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
OID (1) | OID can be imported from an internal system (1) |
OID (2) | OID can be added manually (2) · Name: A label or name that is assigned to an OID. · OID: Unique sequence of numbers used in network management systems like SNMP to identify managed objects in a hierarchical tree structure. · Regex: Sequence of characters that defines a search pattern, aiding in string matching and manipulation within text. · Type: Select the type of OID between String and Number |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Status | Custom definition can be enabled/disabled from status field. |
As an example, the CSV format should be like this. You should fill the name and oid values.
You can use "1" instead of "String"
You can use "2" instead of "Integer"
"Name1","oidvalue1","String"
"Name2","oidvalue2","Integer"
Example:
Name1,1.3.6.1.4.1.11096.6.1.1.1.2.1.6,1
Name2,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,2
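A pre-import check for the CSV layout described above, as an added example that is not part of the product or its documentation. The function name, the strict dotted-decimal OID rule and the duplicate check are assumptions; the first two sample rows are the page's example and the remaining rows are constructed.

```python
import csv
import io
import re

# Type column: the page allows "1" for "String" and "2" for "Integer".
TYPE_CODES = {"string": 1, "1": 1, "integer": 2, "2": 2}
# Assumption: strict dotted-decimal OIDs, first arc 0-2, no leading zeros.
OID_RE = re.compile(r"^[0-2](\.(0|[1-9]\d*))+$")

# First two rows are the page's example; the rest are constructed bad rows.
SAMPLE = """\
"Name1","1.3.6.1.4.1.11096.6.1.1.1.2.1.6","String"
Name2,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,2
Name3,1.3.6.1.4.1.11096.6.1.1.1.2.1.7,Integer
Name4,1.3.6.1.4.x.1,1
Name5,1.3.6.1.2.1.1.3.0,Float
Name6,1.3.6.1.2.1.1.5.0
"""

def validate_oid_csv(text):
    """Return (rows, errors); rows are (name, oid, type_code) tuples."""
    rows, errors, seen = [], [], set()
    for lineno, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not rec:
            continue  # csv.reader yields [] for blank lines
        if len(rec) != 3:
            errors.append((lineno, f"expected 3 fields, got {len(rec)}"))
            continue
        name, oid, typ = (field.strip() for field in rec)
        problems = []
        if not name:
            problems.append("empty name")
        if not OID_RE.match(oid):
            problems.append(f"malformed OID {oid!r}")
        elif oid in seen:
            problems.append(f"duplicate OID {oid}")
        if typ.lower() not in TYPE_CODES:
            problems.append(f"unknown type {typ!r}")
        if problems:
            errors.append((lineno, "; ".join(problems)))
            continue
        seen.add(oid)
        rows.append((name, oid, TYPE_CODES[typ.lower()]))
    return rows, errors

if __name__ == "__main__":
    for lineno, msg in validate_oid_csv(SAMPLE)[1]:
        print(f"line {lineno}: {msg}")
```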
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Event Type | The user has the option to filter logs using Event Type settings. Filter logs based on the following event types: · Critical · Error · Warning · Information Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs. |
Source IP Address | Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
Status | Custom definition can be enabled/disabled from status field. |
Stream Based server type includes TCP, UDP, HTTP, SMTP
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Source IP Address | Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
Status | Custom definition can be enabled/disabled from status field. |
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Source IP Address | Unique numerical label assigned to a device initiating a data packet in a network, indicating the origin of the communication. |
SNMP Trap OID | Unique identifier used to categorize and identify specific events or conditions reported through SNMP traps in network management systems. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
Status | Custom definition can be enabled/disabled from status field. |
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Event Type | The user has the option to filter logs using Event Type settings. Filter logs based on the following event types: · Critical · Error · Warning · Information Note: If you remove selections of all types, there will be no Event Type filtering. In that case, VirtualMetric Collector will also collect Verbose and Debug logs. |
Event ID | Specific number for specifying event-id. |
Keyword | You can filter logs by using Keyword. Keyword filtering is only available for Windows servers. You can type the keyword that you want to use for filtering. VirtualMetric Collector will use it immediately to filter logs. You can use string and integer keywords. |
Notes | Additional area for specifying notes. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Stream Based queue systems include Redis, Kafka, RabbitMQ, NATS
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Category | Classification or grouping of log messages based on specific criteria or functionality for easier organization and filtering. |
Status | Custom definition can be enabled/disabled from status field. |
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Transaction Definitions | A transaction definition outlines a set of operations treated as a single, atomic unit of work within a database, ensuring all actions either succeed or fail together. |
Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
Status | Custom definition can be enabled/disabled from status field. |
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
URL | It is a web address that specifies the location of a resource on the internet. |
Credential Type | Select a proper credential type and credential. · None · Basic – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HMAC – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HTTP Header – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. |
Content Type | API content type specifies the format of the data being sent or received in an API request or response. Examples: · application/json · application/xml |
Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
Status | Custom definition can be enabled/disabled from status field. |
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
File Name | The name assigned to a file, identifying it within a file system. |
Interpretor Type | Select a proper interpretor type from dropdown. · Exe: An executable file containing machine code that can be run directly by an operating system. · Shell: The user interface enabling interaction with an operating system, interpreting commands and executing programs. · Powershell: A command-line shell and scripting language designed for task automation and configuration management in Windows environments. |
Credential Type | Select a proper credential type and credential. · None · Basic – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HMAC – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. · HTTP Header – Selecting this option provides you with another Field called Credential from where you can select an appropriate option. |
Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
Status | Custom definition can be enabled/disabled from status field. |
The scripts should be located under the package/scripts directory within the directory found by the agent. If the package/scripts directory does not exist, please create it.
Refer to the following table to understand the fields in the above screen.
Fields | Descriptions |
---|---|
Name | A label or name that is assigned to a custom definition. |
Retention Period | The retention period of logs signifies the duration for which log data is stored or maintained before it's automatically deleted or archived. |
Visibility | To provide visibility to either your own organization or all the other organizations. The options are: · My Organizations · All Organizations |
Query Editor | A query editor is a tool or interface that allows users to write, modify, and execute database queries, typically providing features for syntax highlighting and error checking. |
Time Period | Select a proper time period from dropdown. Specific duration or interval between two points in time. |
Timeout | Duration within which an operation or process is expected to complete before being considered unsuccessful or interrupted. |
Status | Custom definition can be enabled/disabled from status field. |
5. After adding the fields of the custom definition, additional configuration can be added from the advanced settings for some of the types.
1) Select a proper time zone mode.
Use time zone from log file. If none is detected use
Ignore time zone from log file and instead use
2) Select a proper time zone from dropdown.
Sometimes log files can contain different types of date format. Custom date format can be added from this field.
Example 1:
Date: 2022-09-06 05:48:20
Pattern: \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
Date Format: YYYY-MM-DD HH:mm:ss
Example 2:
Date: 202209060548
Pattern: \d{12}
Date Format: YYYYMMDDHHmm
Example 3:
Date: 05:48 06.09.2022
Pattern: \d{2}:\d{2} \d{2}\.\d{2}\.\d{4}
Date Format: HH:mm DD.MM.YYYY
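A pattern that does not match the line, or a date format that does not describe what the pattern captured, leaves events without a correct timestamp and skews any timeline built from them. The check below is an added example, not part of the product: it assumes the Date Format tokens carry their moment.js-style meaning, the function names are hypothetical, and the log lines are constructed.

```python
import re
from datetime import datetime

# Assumption: Date Format tokens mean what they do in moment.js-style
# formats (YYYY year, MM month, DD day, HH hour, mm minute, ss second).
TOKENS = {"YYYY": "%Y", "MM": "%m", "DD": "%d", "HH": "%H", "mm": "%M", "ss": "%S"}
TOKEN_RE = re.compile("|".join(TOKENS))

# Constructed log lines with (pattern, date format) pairs; the last two
# pairs are deliberately wrong for the line they are applied to.
CASES = [
    ("2022-09-06 05:48:20 INFO service started",
     r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", "YYYY-MM-DD HH:mm:ss"),
    ("202209060548 backup finished", r"\d{12}", "YYYYMMDDHHmm"),
    ("05:48 06.09.2022 login failed",
     r"\d{2}:\d{2} \d{2}\.\d{2}\.\d{4}", "HH:mm DD.MM.YYYY"),
    ("05:48 06.09.2022 login failed",
     r"\d{2}:\d{2} \d{4}-\d{2}-\d{2}", "HH:mm DD.MM.YYYY"),
    ("05:48 06.09.2022 login failed",
     r"\d{2}:\d{2} \d{2}\.\d{2}\.\d{4}", "YYYYMMDDHHmm"),
]


def to_strptime(date_format):
    """Translate the token format into a strptime() format string."""
    escaped = date_format.replace("%", "%%")
    return TOKEN_RE.sub(lambda m: TOKENS[m.group()], escaped)


def check_pair(line, pattern, date_format):
    """Return (datetime, None) on success or (None, reason) on failure."""
    match = re.search(pattern, line)
    if match is None:
        return None, "pattern does not match the line"
    try:
        return datetime.strptime(match.group(), to_strptime(date_format)), None
    except ValueError:
        return None, f"format {date_format!r} cannot parse {match.group()!r}"


if __name__ == "__main__":
    for line, pattern, fmt in CASES:
        ts, err = check_pair(line, pattern, fmt)
        print(f"{line[:20]!r:24} -> {ts.isoformat() if ts else 'REJECTED: ' + err}")
```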
Sometimes log files can contain different types of field formats. Custom field parser can be added from this field. After adding a sample you will see data columns under the sample field. Columns can be selected.
A regex can be written to parse the line.
Example:
There are two modes in this part. Users can write any word or regex.
Example:
There are two modes in this part. Users can write any word or regex.
Select a proper reader mode.
Ingest all except matched lines: Shows logs that contain the written pattern.
Ingest only matched lines: Shows logs that do not contain the written pattern.
Click the Add button.
Example:
You should add (*) to the beginning and end of the expression.
Example: *error*
This is the process of converting data from one format or representation to another. For example, in computing, encoding can refer to converting text characters into binary code for storage or transmission, such as ASCII or UTF-8 encoding.
Select a proper encoding type from dropdown.
6. After adding all required fields click SUBMIT.