The Argent Data Consolidator has a powerful wizard to automate most of the steps for creating Rules for parsing ASCII files.

There are a few steps need to be performed manually.

This article explains how to use the wizard.

Let’s assume you want to create a Rule to analyze the

C:\WINDOWS\WindowsUpdate.log on a Windows2003 Server.

Step One – Create A New Rule

First right-click and select the New option.

Step Two – Select The Log File Path

Ensure the sample data is loaded immediately.

This is required for subsequent steps.

Step Three – Define Delimiter And Time Stamp Format

Check the Log Parsing Specification screen and verify the Delimiter details are setup accordingly

e.g. Space-delimited fields with one or more spaces between fields

e.g. Space-delimited fields with only one space between fields

e.g. Tab-delimited fields with one tab between fields

Observing the data loaded in Step Two:

Step Four – Define Other Fields With The Log Field Setup Wizard

Use the Log Field Setup Wizard to add other fields to the Log Parsing Specification.

Verify the fields are delimited by vertical red lines at the correct field boundaries.

Step Five – Manually Update The Code

Review the Log Parsing Specification screen and it is setup correctly.

Note that it is possible to skip field(s) by commenting out or deleting the appropriate script line(s).

Click Test to verify all lines in the log file match the defined definition.

Step Six – Save The Rule

Right-click on Rule and select Save.

Note:

Field names are restricted to

• Time
• Machine
• User
• Source
• Id
• Severity
• Description
• User
• User_Data_1, User_Data_2 … User_Data10

The description field name is mandatory.

If a skipped/hidden field is specified it is not displayed in the delimited data section of the screen.