CommonBaseEvent treatment

benji00 · ‎09-10-2019

Hello all,

I receiving some event from our Monitoring Agent tool (from the editor Dassault Systemes) through Common Base Event format like:

  <extendedDataElements name="status" type="string">
    <values>0</values>
  </extendedDataElements>
  <extendedDataElements name="elapsed" type="string">
    <values>203</values>
  </extendedDataElements>
  <extendedDataElements name="_period" type="string">
    <values>300</values>
  </extendedDataElements>
  <extendedDataElements name="connection" type="string">
    <values>47</values>
  </extendedDataElements>
  <extendedDataElements name="logoutTime" type="string">
    <values>62</values>
  </extendedDataElements>
  <extendedDataElements name="getLoginPageTime" type="string">
    <values>78</values>
  </extendedDataElements>
  <sourceComponentId componentType="ProductName" instanceId="3dpassport_TEST1" component="serviceHealthCheck" processId="" locationType="Hostname" location="io-ws-3de71ts" subComponent="" componentIdType="ProductName"/>
  <situation categoryName="ReportSituation">
    <situationType reportCategory="LOG" xsi:type="ReportSituation" reasoningScope="INTERNAL"/>
  </situation>
</CommonBaseEvent>

I don't really understand how can I operate for example the "ELAPSED" extended elements and moreover be able to track his value evolution
Any clue on your side?

CommonBaseEvent treatment

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

CommonBaseEvent treatment

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience