Create a Log Source Type

Only Administrators can take this action.

To create a policy for your new log source type, you need a raw log message from a log source within the log source type. You can find raw log messages in search results. Right-click the raw log message, and then click Copy Value. 

1. In the lower-left corner of the main screen, click the Administration cog icon.
   The Administration menu appears on the left side.
2. Under Integrations, click Message Processing.
   The Log Source Types list appears.

3. In the upper-right corner, click + Create a Log Source Type.
   The Create Log Source Type Wizard appears.

4. Enter information in the following fields:

   • Log Source Type Name. A name for the log source type. 

     

     Each log source type within your environment must have a unique name.

   • (Optional) Description. A description of the log source type.
   • Collector Configuration. The drop-down menu includes supported collector configurations. 
   • (Optional) Vendor Information. Information about the vendor.
   • (Optional) Product Name. Name of the product.

5. Click Create.
   The Log Source Type details page appears. The Policies tab displays by default.

   

   Upon successfully creating the log source type, a confirmation message appears at the bottom of the page. The Log Source Type also appears in the Log Source Type list on the Message Processing page.

6. To create a processing policy for the log source type you just created, click + Create Policy.
   The first page of the Policy Builder appears.

7. Enter information in the following fields:

   • Policy Name. A name for the policy.

   • (Optional) Policy Description. A description of the policy.

   • Paste a Log Message Here. The raw log message must be from a log source that is within the log source type you just created.

8. Click Next.
   The Policy Builder Workspace appears.

For more information on the Policy Builder:

• Policy Builder
• Message Interpreter