Devo Last Event Date
Description
This unit is a Source unit type.
The Devo Last Event Date unit finds the date of the latest event in a specified Devo table and appends it to the input event in the field set in the properties.
Once an event enters through the in port, the query specified in the properties is issued.
Events are output through the data port with the date of the last record in the table added to the event in the field indicated in the configuration.
If an error occurs, the events are enriched with standard error fields and sent to the error output port.
Configuration
After dragging this unit into the Flow canvas, double-click it to access its configuration options. The following table describes the configuration options of this unit:
Tab | Field | Description |
---|---|---|
General | Name | Enter a name for the unit. It must start with a letter, and cannot contain spaces. Only letters, numbers, and underscores are allowed. |
General | Description | Enter a description detailing the scope of the unit. |
General | Table name | Enter the name of the table to be consulted in Devo. |
General | Column name | Enter a name for the output event field containing the last event date. |
General | Lookback period | How far back in time to search. The lookback period ranges from a minimum of 600,000 milliseconds (10 minutes) to a maximum of 10 days. |
Input ports
Port | Description |
---|---|
in | All input events enter via this port. |
Output ports
Port | Description |
---|---|
data | This port outputs events enriched with a timestamp field containing the last date found. |
error | This port outputs events that generated an error when evaluated against the expression. Standard error fields (error, exception) are added to the output events. |
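
The configuration limits and port routing described above can be modelled in Python. This is an added example, not Devo's code: the function names, the in-memory `TABLES` sample data, the `lastEventDate` column name, the values written to the error fields, and the choice to return `None` when no event falls inside the lookback window are assumptions made for illustration.

```python
import re

MIN_LOOKBACK_MS = 600_000                   # 10 minutes, documented minimum
MAX_LOOKBACK_MS = 10 * 24 * 60 * 60 * 1000  # 10 days, documented maximum
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*")  # Name rule from the table above


def validate_config(name, table, column, lookback_ms):
    """Return the list of invalid settings (empty when the config is valid)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name")
    if not table:
        problems.append("table")
    if not column:
        problems.append("column")
    if not MIN_LOOKBACK_MS <= lookback_ms <= MAX_LOOKBACK_MS:
        problems.append("lookback")
    return problems


def last_event_date(event, tables, table, column, lookback_ms, now_ms):
    """Model one pass through the unit: returns (port, enriched_event)."""
    out = dict(event)  # the input event is kept and enriched
    try:
        timestamps = tables[table]  # unknown table raises KeyError
    except KeyError as exc:
        out["error"] = True  # assumed value; the page only names the fields
        out["exception"] = f"{type(exc).__name__}: {exc}"
        return "error", out
    in_window = [t for t in timestamps if now_ms - lookback_ms <= t <= now_ms]
    # Assumption: None when nothing falls inside the lookback window.
    out[column] = max(in_window) if in_window else None
    return "data", out


# Constructed sample data: event timestamps in epoch milliseconds.
NOW = 1_700_000_000_000
TABLES = {
    "siem.logrust.web.activity": [NOW - 5_000, NOW - 90_000, NOW - 3_600_000],
    "constructed.silent.source": [NOW - 11 * 24 * 60 * 60 * 1000],
}

if __name__ == "__main__":
    for tbl in (*TABLES, "constructed.missing.table"):
        print(tbl, last_event_date({"tick": 1}, TABLES, tbl, "lastEventDate",
                                   MAX_LOOKBACK_MS, NOW))
```

In this model, a table whose newest event is older than the 10-day maximum lookback yields no date at all, so a downstream check for silent sources has to handle the empty case as well as a stale timestamp.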
Example
In this example, we want to send an event every ten seconds to the Devo Last Event Date unit to show how the time of this last event is inserted into a specified data table in Devo.
To do this, we will add a Scheduler unit that will send events to the table every ten seconds.
Then, we will define the destination table using the Devo Last Event Date unit as siem.logrust.web.activity.
Link the out port of the Scheduler unit to the in port of the Devo Last Event Date unit.
Download this example
You can try this flow by downloading the following JSON file and uploading it to your domain using the Import option: