Just to make it clear: my goal was to have the syslog events parsed in ESM/ELM so I could query them using the web UI and the REST API.
Open your ESM console, select the data source you'd like to have that parsing rule applied to, and click on the policy icon (top left). From the policy editor menu, click on New and create a new Advanced Syslog Parsing rule. Enter your regex, assign it to the fields that you want, and save it. Then "Enable" your rule, and it should now apply to that data source.
Hi, I am new to the ESM appliance. I just had one demo session on how to put in the regexes for parsing the logs. Here is my doubt: is there only one console available for putting in the regexes for all the logs?
In my case I have around 5 different databases, so the logs are quite different in each case. Is it that I can put in only one regex which would work for all available logs? Or can I put in regexes for each kind of event? Kindly clarify.
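The following is an added example, not code from this thread or from McAfee ESM, that illustrates the point of the answer above (one Advanced Syslog Parsing rule = one regex whose captures are assigned to fields) and the last question (several databases with different log formats). It is a small Python stand-in for the ASP mechanism: a shared regex strips the syslog header, then one rule per event kind is tried in order and the first match wins. The sample syslog lines are constructed for this example, the rule names are mine, and the ESM field names in FIELD_MAP (Username, Database, Source_IP, ...) are hypothetical placeholders, not the real ESM field list.

```python
import re

# Constructed sample syslog lines (not real captured data): three database
# sources, each with its own message format, plus one line no rule covers.
SAMPLE_LOGS = [
    "<38>Jan 12 10:01:02 db01 postgres[2211]: [3-1] user=alice,db=sales LOG:  "
    "connection authorized: user=alice database=sales",
    "<38>Jan 12 10:01:05 db02 mysqld[880]: Access denied for user 'bob'@'10.1.2.3' "
    "(using password: YES)",
    "<38>Jan 12 10:01:09 db03 oracle[1501]: AUDIT: ACTION='LOGON' USER='carol' "
    "HOST='10.9.8.7' RETURN=1017",
    "<38>Jan 12 10:01:11 db01 postgres[2211]: checkpoint complete",
]

# Shared header regex: PRI, timestamp, host, app[pid], then the free-text message.
SYSLOG_HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# One rule per event kind, like one ASP rule each. Named groups play the role
# of the captures an ASP rule assigns to fields. Rules are anchored where the
# format allows it so a broad pattern cannot swallow unrelated messages.
RULES = [
    ("postgres_conn_authorized", re.compile(
        r"connection authorized: user=(?P<user>\S+) database=(?P<db>\S+)$")),
    ("mysql_access_denied", re.compile(
        r"^Access denied for user '(?P<user>[^']+)'@'(?P<src_ip>[^']+)'")),
    ("oracle_audit_logon", re.compile(
        r"^AUDIT: ACTION='(?P<action>[^']+)' USER='(?P<user>[^']+)' "
        r"HOST='(?P<src_ip>[^']+)' RETURN=(?P<ret>\d+)$")),
]

# Hypothetical capture-group -> field assignment (not the real ESM field names).
FIELD_MAP = {
    "user": "Username",
    "db": "Database",
    "src_ip": "Source_IP",
    "action": "Action",
    "ret": "Return_Code",
}


def parse_line(line):
    """Parse one syslog line: header first, then the first matching rule."""
    hdr = SYSLOG_HEADER.match(line)
    if not hdr:
        return {"rule": None, "error": "not a syslog line", "raw": line}
    h = hdr.groupdict()
    for name, rx in RULES:
        body = rx.search(h["msg"])
        if body:
            fields = {FIELD_MAP[k]: v for k, v in body.groupdict().items()}
            return {"rule": name, "host": h["host"], "app": h["app"], "fields": fields}
    # Header parsed but no event-specific rule matched: keep the raw message so
    # the gap is visible instead of silently dropping the event.
    return {"rule": None, "host": h["host"], "app": h["app"], "fields": {}, "msg": h["msg"]}


def parse_all(lines):
    """Return (matched, unmatched) result lists for a batch of lines."""
    results = [parse_line(line) for line in lines]
    matched = [r for r in results if r["rule"]]
    unmatched = [r for r in results if not r["rule"]]
    return matched, unmatched


if __name__ == "__main__":
    matched, unmatched = parse_all(SAMPLE_LOGS)
    for r in matched:
        print(r["rule"], r["host"], r["fields"])
    for r in unmatched:
        print("UNMATCHED", r.get("host"), r.get("msg", r.get("raw")))
```

Run against the four constructed lines, three are parsed by three different rules and the "checkpoint complete" line stays unmatched, which is the behaviour you want: a separate, anchored regex per event kind, and unmatched lines surfaced so you can decide whether they need a rule of their own. Whether ESM tries rules in that order is not something this toy shows; it only illustrates why one regex for all the logs is the wrong shape for the problem.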