Event From XML Creation Filter

package ecs_xml

Definition

Description

If event matches Condition create new events from the XML content of FieldName and send those events to DestinationName.

 

 

Comments

If FieldName or DestinationName is missing, blank or invalid, do nothing.

For the new events to be created from the XML content of FieldName, that XML content must contain new events in Event XML format:

Example:

<event xmlns:ev="http://www.eventgnosis.com/">
	<ev:host>Host</ev:host>
	<ev:app>App72</ev:app>
	<ev:log>Log</ev:log>
	<ev:msg>2003-10-18 14:25:07.621</ev:msg>
	<ev:count>5</ev:count>
</event>

 

Example

<filter objectId="xml" type="EventFromXMLCreationFilter">
	<parameter autoSetDescription="false" comments="Add comments for Condition..." description="app=case1" type="Condition">
		<negatePrimaryCondition>false</negatePrimaryCondition>
		<conditionRelation>All</conditionRelation>
		<conditionSpec>
			<negate>false</negate>
			<fieldName>ev:app</fieldName>
			<operator>eq</operator>
			<valueType>string</valueType>
			<value>case1</value>
		</conditionSpec>
	</parameter>
	<parameter type="FieldName">ev:msg</parameter>
	<parameter type="DestinationName">EventXMLCreation-Archive</parameter>
</filter>