Cohesity_Backup_Extractions
{
"extractors": [
7pm / 12 am
{
"title": "Cohesity connection status",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "\\: Received disconnect from %{IPV4} port %{DATA:cohesity_port}\\:%{DATA:cohesity_port2}\\: %{DATA:cohesity_connection_status} by user"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity login connectivity status",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "\\: %{DATA:unix_connection_status} from %{IPV4} port %{GREEDYDATA:cohesity_port} ssh2\\: RSA %{DATA:cohesity_rsa_encryption}\\:%{GREEDYDATA:cohesity_rsa_encryption_key}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity PAM fail lock",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{DATA:unix_pam_module}\\(%{DATA:unix_service}\\:%{DATA:unix_service_pam}\\)\\: User unknown"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity pam auth status with uid",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "\\: %{DATA:unix_pam_module}\\(%{DATA:unix_service}\\:%{DATA:unix_service_pam}\\)\\: session %{DATA:pam_module_status} for user %{DATA:username} by \\(uid=%{DATA:unix_uid_id}\\)"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity pam auth status",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "\\: %{DATA:unix_pam_module}\\(%{DATA:unix_service}\\:%{DATA:unix_service_pam}\\)\\: session %{DATA:pam_module_status} for user %{DATA:username}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity password",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "\\: %{DATA:password_status} %{DATA:password_type} for %{DATA:username} from %{IPV4} port %{DATA:cohesity_port} ssh2"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity failed password",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "\\: %{DATA:password_status}password for invalid user %{DATA:username} from %{IPV4} port %{DATA:cohesity_port} ssh2"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity ssh user , ip, and port",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "for %{DATA:username} from %{IPV4} port %{DATA:cohesity_port} ssh2\\:"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Extraction",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\{\"EntityType\" : \"kVMware\", \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\]\\, \"ReplicationTarget\" \\: \\{\"ClusterId\" \\: \"%{DATA:cohesity_repliation_cluster_id}\", \"ClusterName\" \\: \"%{DATA:cohesity_replication_target_hostname}\"\\}, \"AttributeMap\" \\: \\{\"%{DATA:cohesity_attribute_name}\" : \"%{DATA:cohesity_attribute_number}\"\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction ORACLE Error 2",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\"\\, \"Entities\" \\: \\[\\], \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\", \"ErrorMessage\" \\: \"%{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\\}\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{\"%{DATA:cohesity_attribute_name}\" : %{DATA:cohesity_attrib_number}\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction ORACLE Error 3",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\"\\, \"Entities\" \\: \\[\\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\"\\, \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\], \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\"\\, \"ErrorMessage\" \\: \"%{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\\}\\, \"TaskId\" \\: \\\"%{GREEDYDATA:cohesity_task_id}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Tasks",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\{\"EntityType\" : \"kVMware\", \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\]\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Replication Extraction",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\{\"EntityType\" : \"kVMware\", \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\]\\, \"ReplicationTarget\" \\: \\{\"ClusterId\" \\: \"%{DATA:cohesity_repliation_cluster_id}\", \"ClusterName\" \\: \"%{DATA:cohesity_replication_target_hostname}\"\\}, \"AttributeMap\" \\: \\{\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Tasks 2",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" : \"%{DATA:cohesity_backup_job_id_number}\"\\, \"Entities\" \\: \\[\\]\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{\"%{DATA:cohesity_attribute_name}\" : %{DATA:cohesity_attrib_number}\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\{\"EntityType\" : \"kVMware\", \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\], \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\"\\, \"ErrorMessage\" \\: \"\\[Code %{DATA:COHESITY_ERROR_CODE_NUMBER}\\] %{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\\\"}\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Archival backup Extraction ",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\]\\, \"%{DATA:cohesity_archival_target}\\\" \\: \\{\"Type\" \\: \"%{DATA:cohesity_archivaltarget_type}\"\\, \"Name\" \\: \"%{DATA:cohesity_archival_name}\"\\}\\, \"AttributeMap\" \\: \\{\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction ORACLE Error",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\"\\, \"Entities\" \\: \\[\\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\"\\, \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\], \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\"\\, \"ErrorMessage\" \\: \"%{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\\}\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction 3",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\]\\, \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\"\\, \"ErrorMessage\" \\: %{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\\}\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{\"%{DATA:cohesity_attribute_name}\" : %{DATA:cohesity_attrib_number}\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction 2",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\]\\, \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\"\\, \"ErrorMessage\" \\: \"\\[Code %{DATA:COHESITY_ERROR_CODE_NUMBER}\\] %{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\\\"}\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{\"%{DATA:cohesity_attribute_name}\" : %{DATA:cohesity_attrib_number}\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Error Entity Global extraction ",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"ClusterInfo\" : \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}, \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" : \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\], \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\", \"ErrorMessage\" : \"%{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}\"}\\, \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{\"%{DATA:cohesity_attribute_name}\" : %{DATA:cohesity_attrib_number}\\}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction MSSQLSERVER",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"ClusterInfo\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\]\\, \"Error\" \\: \\{\"ErrorCode\" \\: \"%{DATA:COHESITY_ERROR_CODE}\" : \"%{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction MSSQLSERVER 2",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \"ClusterInfo\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" : \\[], \"Error\" : \\{\"ErrorCode\" : %{DATA:COHESITY_ERROR_CODE}, \"ErrorMessage\" : \"%{GREEDYDATA:COHESITY_ERROR_MESSAGE}Please"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Oracle Pass ",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" : \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_environment_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}\\, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\"\\, \"Entities\" \\: \\[\\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\"\\, \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\], \"TaskId\" \\: \"%{DATA:cohesity_task_id}\"\\, \"AttributeMap\" \\: \\{}\\}"
},
"condition_type": "none",
"condition_value": ""
},
{
"title": "Cohesity Backup Failure Extraction ORACLE Error 5 ",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "",
"extractor_config": {
"grok_pattern": "%{HOSTNAME} %{DATA:cohesity_syslog_type}: \\{\"EventMessage\" : \"%{DATA:cohesity_event_message_type}\\\"\\, \"Timestamp\" \\: \"%{YEAR}-%{MONTHNUM}-%{MONTHDAY}T%{HOUR}:%{MINUTE}:%{SECOND}\\.%{DATA:NANOSECOND}%{ISO8601_TIMEZONE}\"\\, \\\"ClusterInfo\\\" \\: \\{\"ClusterId\" : \"%{DATA:cohesity_cluster_id}\\\", \"ClusterName\" : \"%{DATA:cohesity_cluster_name}\"\\}, \"EventType\" \\: %{DATA:cohesity_event_type}, \"EnvironmentType\" \\: %{DATA:cohesity_environment_type}, \"RegisteredSource\" \\: \\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\", \"EntityId\" : \"%{DATA:cohesity_entity_id}\", \"EntityName\" \\: \"%{DATA:cohesity_backup_vcenter_name}\"\\}, \"BackupJobName\" \\: \"%{DATA:cohesity_backup_job_name}\"\\, \"BackupJobId\" \\: \"%{DATA:cohesity_backup_job_id_number}\", \"Entities\" \\: \\[\\{\"EntityType\" \\: \"%{DATA:cohesity_entity_type}\"\\, \"EntityId\" \\: \"%{DATA:cohesity_backup_entity_id}\\, \"EntityName\" \\: \"%{DATA:cohesity_entity_hostname}\"}\\], \"Error\" \\: \\{\"ErrorCode\" \\: \"kAgentError\", \"ErrorMessage\" \\: \"\\[kOracleCmdError]\\: %{GREEDYDATA:COHESITY_ERROR_CODE_MESSAGE}"
},
"condition_type": "none",
"condition_value": ""
}
],
"version": "4.0.1"
}