Hi All,
I have integrated one of MS SQL 2012 Arcos databse with RSA SA and we are collecting logs from specific table from it.
The modified XML is;
<?xml version="1.0" encoding="UTF-8"?>
<typespec>
<name>Arcos</name>
<type>odbc</type>
<prettyName>ARCOS</prettyName>
<version>1.0</version>
<author>Administrator</author>
<description>ARCOS PIM Solution</description>
<device>
<name>arcos</name>
<description>ARCOS PIM Solution</description>
</device>
<configuration>
</configuration>
<collection>
<odbc>
<query>
<tag>Arcos</tag>
<interval>10</interval>
<dataQuery>
Select * from ARCOSDB.dbo.SIEMARCOSenvision where ID > '%TRACKING%' ORDER BY ID
</dataQuery>
<trackingColumn>ID</trackingColumn>
<maxTrackingQuery>Select max(ID)EventTimeStamp from ARCOSDB.dbo.SIEMARCOSenvision</maxTrackingQuery>
</query>
</odbc>
</collection>
</typespec>
And the output we are getting is in below format :
%Arcos: 25067||9200||2017-02-03 16:16:02.000||(null)||10263||SACHINS||(null)||172.16.93.65[64006A255A02][BFEBFBFF000306C3][DKK2T72][ACM4.7.8.3]||(null)||(null)||(null)||21241||10026||10.10.10.10||admin||App Web Browser||21333||03-02-2017 16:15:21||03-02-2017 16:15:30||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)||(null)
The issue is due to presence of || in between logs neither I am getting parse logs and all are coming under unknown nor I am able to create a proper parser.
I have also used
<outputDelimiter>','</outputDelimiter> above <interval>10</interval> and many more combination but failed to get logs in that situations.
Can anyone help me out in this situation?
