Document toolboxDocument toolbox

dmp.commvault

Owned by Juan Tomás Alonso Nieto (Deactivated), created
Last updated: Dec 12, 2024 by Julio Vargas
2 min read
[ 1 Introduction ] [ 2 Valid tags and data tables  ] [ 3 How is the data sent to Devo? ] [ 4 Table structure ]

Introduction

The tags beginning with dmp.commvault identify events generated by Commvault.

Valid tags and data tables 

The full tag must have 4 levels. The first two are fixed as dmp.commvault. The third level identifies the type of events sent. The fourth level indicates the event subtype.

These are the valid tags and corresponding data tables that will receive the parsers' data:

Product / Service

Tags

Data tables

Product / Service

Tags

Data tables

Commvault

dmp.commvault.audit.event

dmp.commvault.audit.event

dmp.commvault.alert.event

dmp.commvault.alert.event

For more information, read more About Devo tags.

How is the data sent to Devo?

Logs generated by Commvault must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:

Rule for events with "AuditTrail: message"

  • Source port - Any available port

  • Source data - AuditTrail:

  • Target tag - dmp.commvault.audit.event

  • Target message - \\d0

  • Stop processing - ✓

Rule for events with "Alerts: message"

  • Source port - Any available port

  • Source data - Alerts:

  • Target tag - dmp.commvault.alert.event

  • Target message - \\d0

  • Stop processing - ✓

Table structure

These are the fields displayed in these tables:

dmp.commvault.audit.event

Field

Type

Field transformation

Source field name

Extra fields

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

 

machine

str

 

 

 

OP_id

str

 

 

 

audit_time

str

 

 

 

severity_level

str

 

 

 

comm_cell_name

str

 

 

 

user_name

str

 

 

 

operation

str

 

 

 

details

str

 

 

 

company_name

str

 

 

 

utc_timestamp

timestamp

timestamp(int(utc_timestamp_str, +"000"))

utc_timestamp_str

 

hostchain

str

 

 

✓

tag

str

 

 

✓

rawMessage

str

 

 

✓

dmp.commvault.alert.event

Field

Type

Field transformation

Source field name

Extra fields

Field

Type

Field transformation

Source field name

Extra fields

eventdate

timestamp

 

 

 

machine

str

 

 

 

alerts_id

str

 

 

 

alert_time

str

 

 

 

alert_severity

str

 

 

 

job_id

str

ifthenelse(isnotnull(job_id_main), job_id_main, job_id_description)

job_id_description

job_id_main

 

comm_cell_name

str

 

 

 

alert_name

str

ifthenelse(isnotnull(alert_name_main), alert_name_main, alert_name_description)

alert_name_description

alert_name_main

 

company_name

str

 

 

 

utc_timestamp

timestamp

utc_timestamp_str

 

alert_description

str

 

 

 

type

str

 

 

 

detected_criteria

str

 

 

 

detected_time

str

 

 

 

comm_cell

str

 

 

 

user

str

 

 

 

property_alert_modifications

str

 

 

 

client_group

str

 

 

 

comments

str

 

 

 

status

str

 

 

 

client_str

str

 

 

 

sub_client

str

 

 

 

agent_type

str

 

 

 

instance

str

 

 

 

backup_level

str

 

 

 

backup_set

str

 

 

 

start_time

str

 

 

 

scheduled_time

str

 

 

 

end_time

str

 

 

 

error_code

str

 

 

 

failure_reason

str

 

 

 

protected_counts

str

 

 

 

failed_counts

str

 

 

 

library_name

str

 

 

 

media_agent_name

str

 

 

 

media_space_left

str

 

 

 

storage_policies_used

str

 

 

 

copy_name

str

 

 

 

copied_data_size

str

 

 

 

pruned_jobs_count

str

 

 

 

msg_tok_sep_values

str

msg_tok_sep

 

hostchain

str

 

 

✓

tag

str

 

 

✓

rawMessage

str

 

 

✓