Introduction

The tags beginning with dmp.commvault identify events generated by Commvault.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as dmp.commvault. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

| Product / Service | Tags | Data tables |
|---|---|---|
| Commvault | dmp.commvault.audit.event | dmp.commvault.audit.event |
| | dmp.commvault.alert.event | dmp.commvault.alert.event |

For more information, read About Devo tags.

How is the data sent to Devo?

Logs generated by Commvault must be sent to the Devo platform through the Devo Relay to secure the communication. See the required relay rules below:

Rule for events with "AuditTrail: message"

  • Source port - Any available port

  • Source data - AuditTrail:

  • Target tag - dmp.commvault.audit.event

  • Target message - \\\\d0

  • Stop processing -

Rule for events with "Alerts: message"

  • Source port - Any available port

  • Source data - Alerts:

  • Target tag - dmp.commvault.alert.event

  • Target message - \\\\d0

  • Stop processing -

Table structure

These are the fields displayed in these tables:

dmp.commvault.audit.event

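| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| machine | str | | | |
| OP_id | str | | | |
| audit_time | str | | | |
| severity_level | str | | | |
| comm_cell_name | str | | | |
| user_name | str | | | |
| operation | str | | | |
| details | str | | | |
| company_name | str | | | |
| utc_timestamp | timestamp | timestamp(int(utc_timestamp_str, +"000")) | utc_timestamp_str | |
| hostchain | str | | | |
| tag | str | | | |
| rawMessage | str | | | |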

dmp.commvault.alert.event

| Field | Type | Field transformation | Source field name | Extra fields |
|---|---|---|---|---|
| eventdate | timestamp | | | |
| machine | str | | | |
| alerts_id | str | | | |
| alert_time | str | | | |
| alert_severity | str | | | |
| job_id | str | ifthenelse(isnotnull(job_id_main), job_id_main, job_id_description) | job_id_description, job_id_main | |
| comm_cell_name | str | | | |
| alert_name | str | ifthenelse(isnotnull(alert_name_main), alert_name_main, alert_name_description) | alert_name_description, alert_name_main | |
| company_name | str | | | |
| utc_timestamp | timestamp | timestamp(int(utc_timestamp_str, +"000")) | utc_timestamp_str | |
| alert_description | str | | | |
| type | str | | | |
| detected_criteria | str | | | |
| detected_time | str | | | |
| comm_cell | str | | | |
| user | str | | | |
| property_alert_modifications | str | | | |
| client_group | str | | | |
| comments | str | | | |
| status | str | | | |
| client_str | str | | | |
| sub_client | str | | | |
| agent_type | str | | | |
| instance | str | | | |
| backup_level | str | | | |
| backup_set | str | | | |
| start_time | str | | | |
| scheduled_time | str | | | |
| end_time | str | | | |
| error_code | str | | | |
| failure_reason | str | | | |
| protected_counts | str | | | |
| failed_counts | str | | | |
| library_name | str | | | |
| media_agent_name | str | | | |
| media_space_left | str | | | |
| storage_policies_used | str | | | |
| copy_name | str | | | |
| copied_data_size | str | | | |
| pruned_jobs_count | str | | | |
| msg_tok_sep_values | str | join(msg_tok_sep, ", ") | msg_tok_sep | |
| hostchain | str | | | |
| tag | str | | | |
| rawMessage | str | | | |
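
The two relay rules and the alert table's field transformations, as an added Python example (not Devo's or Commvault's code): it reports which rule's Source data pattern each line matches, so lines tagged by neither rule or by both are visible before the rules go live, and it mirrors the derived fields. The sample lines are constructed, the function names are hypothetical, and reading the utc_timestamp expression as "append 000 to an epoch-seconds string to get milliseconds" is an assumption.

```python
import re
from datetime import datetime, timezone

# Relay rules from this page: (Source data pattern, Target tag).
RULES = [
    (re.compile(r"AuditTrail:"), "dmp.commvault.audit.event"),
    (re.compile(r"Alerts:"), "dmp.commvault.alert.event"),
]

def matching_tags(line):
    """Return every target tag whose Source data pattern occurs in the line."""
    return [tag for pattern, tag in RULES if pattern.search(line)]

def coverage(lines):
    """Split lines into routed (one rule), unrouted (none), ambiguous (both)."""
    report = {"routed": [], "unrouted": [], "ambiguous": []}
    for line in lines:
        tags = matching_tags(line)
        key = "routed" if len(tags) == 1 else "ambiguous" if tags else "unrouted"
        report[key].append((line, tags))
    return report

def utc_timestamp(utc_timestamp_str):
    """Assumed reading: epoch-seconds string + "000" -> epoch ms -> UTC datetime.
    Returns None for a missing or non-numeric source field."""
    s = utc_timestamp_str
    if not s or not (s.isascii() and s.isdigit()):
        return None
    millis = int(s + "000")
    return datetime.fromtimestamp(millis / 1000, tz=timezone.utc)

def derive_alert_fields(src):
    """Apply the alert table's transformations to already-extracted source fields."""
    def first(a, b):  # ifthenelse(isnotnull(a), a, b)
        return src.get(a) if src.get(a) is not None else src.get(b)
    return {
        "job_id": first("job_id_main", "job_id_description"),
        "alert_name": first("alert_name_main", "alert_name_description"),
        "utc_timestamp": utc_timestamp(src.get("utc_timestamp_str")),
        "msg_tok_sep_values": ", ".join(src.get("msg_tok_sep") or []),
    }

# Constructed sample lines; real Commvault messages will differ.
SAMPLE = [
    "host1 AuditTrail: constructed audit text",
    "host1 Alerts: constructed alert text",
    "host1 JobManager: constructed text matching neither rule",
]

if __name__ == "__main__":
    for kind, items in coverage(SAMPLE).items():
        print(kind, [tags for _, tags in items])
```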