The DNIF library has extractors ready to ingest data from all types of devices. DNIF auto-detects the devices sending logs to it and the extractors associated with them, and lists this information on the device management screen. The screen shows the devices that are sending logs to the console, along with the IP addresses, extractors and streams associated with them, for informational purposes. In addition, a provision has been made to manually add devices for the rare case where one needs to make a specific parser mapping for a particular device.
- Extractors are used to extract information from the incoming logs.
- Streams are the logical partitions into which different log types are distributed.
How to view Collection Status?
- Click the Streams icon on the left navigation bar of the Home Screen, then click Collection Status to view all the devices sending logs to the console.
The Collection Status screen displays the following details:
| Column | Description |
|---|---|
| Source | Displays the IP address or name of the Connector sending logs to the console |
| Extractors | Displays the extractors mapped to the device |
| Stream | Displays the stream category of the logs |
| Status | Displays the status of the device, active/inactive. You can apply the following filters: |
| Edit | You can override the auto-detected extractors by manually adding an extractor from the drop-down. Overridden extractors can also be rolled back to their original auto-detected values. Refer to "How to manually override and rollback an extractor?" below. |
- Click Export to download the collection status.
- Click the Refresh icon at the right corner above the list to refresh the list. On a successful update, the following message is displayed on screen:
Device List Fetched Successfully
How to manually override and rollback an extractor?
To manually override an extractor:
- Click the Edit icon against the required device. The extractor column of the device changes to edit mode.
- Select the radio button to manually override the selected extractor.
- Select the required extractor from the drop-down and click Save. The device is updated with the new extractor, as shown below.
The blue icon in the above screen indicates that the extractor has been overridden.
To roll back an overridden extractor:
- Click the Edit icon against the overridden device.
- Select the radio button to roll back the extractor to its original auto-detected value. The following screen is displayed.
- Click Save. The device rolls back to its original auto-detected value, as shown below.