Provide Sample Events

You can use the Mapping File wizard to search for sample events to use in analyzing the data mapping (DM) file. You can search through the event log store or provide sample events directly from a log file. Sample events provide a template against which to test the mapping output in the final step of the wizard.

To provide sample events

  1. Open the mapping file wizard and advance to the Sample Events step.

    The Sample Events screen appears.

  2. Select the Log Store or Log File option button in the Find Sample Events area.
  3. If you select Log Store:
    1. Select the sample event source type you want from the Parsing Column drop-down menu. Select result_string for WMI event sources, or raw_event for syslog event sources.
    2. Select the query you want to use to provide sample events, using the Query Tag Filter and Query List.

      The query appears, displaying the sample events.

      Note: You can use any available or custom query to locate sample events. If you plan to use a custom query, we recommend that you create and test it before beginning the data mapping file design process.

  4. If you select Log File:
    1. Browse to find the log file you want, and click Upload.

      Events from the log file appear in the Sample Events pane.

      Note: The wizard assumes that each line in the file is an event. Multi-line events are not supported.

    2. If your sample log file contains dynamic pair values that you want to include in the parsed sample, click Extract Dynamic Fields.
  5. Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.

    If you click Save and Close, the new file appears in the Mapping File User folder. Otherwise, the step you select appears.
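
A pre-upload check for the Log File option, added here as an example and not part of the product: because the wizard treats each line as one event, it flags blank lines and lines that do not start a new event, folds continuation lines into the preceding event, and lists candidate pair keys. The timestamp patterns, the key=value form assumed for "dynamic pair values", and all function names and sample lines are assumptions.

```python
import re

# Assumption: an event line starts with an optional syslog <PRI> tag followed
# by an RFC 3164 ("Jan  5 10:00:01") or ISO 8601 ("2024-01-05T10:00:01") timestamp.
EVENT_START = re.compile(
    r"^(?:<\d{1,3}>)?(?:[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"
    r"|\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2})"
)
# Assumption: dynamic pair values look like key=value or key="quoted value".
PAIR = re.compile(r'\b([A-Za-z_][\w.-]*)=("[^"]*"|\S+)')

# Constructed sample lines, not taken from any real system.
SAMPLE = [
    "Jan  5 10:00:01 host1 sshd[411]: Failed password for root from 192.0.2.10 port 50222 ssh2",
    '2024-01-05T10:00:02 host1 app: action=login user="j smith" result=failure',
    "2024-01-05T10:00:03 host1 app: Unhandled exception",
    "    at com.example.Auth.check(Auth.java:42)",
    "",
    "<34>Jan  5 10:00:04 host1 su: session opened",
]

def check_sample_file(lines):
    """Return ([(line_number, reason)], sorted pair keys) for a sample log."""
    problems, keys = [], set()
    for number, line in enumerate(lines, start=1):
        text = line.rstrip("\r\n")
        if not text.strip():
            problems.append((number, "blank"))
        elif not EVENT_START.match(text):
            problems.append((number, "continuation"))
        keys.update(key for key, _ in PAIR.findall(text))
    return problems, sorted(keys)

def fold_events(lines, sep=" "):
    """Join continuation lines onto the previous event; drop blank lines."""
    events = []
    for line in lines:
        text = line.rstrip("\r\n")
        if not text.strip():
            continue
        if EVENT_START.match(text) or not events:
            events.append(text)
        else:
            events[-1] += sep + text.strip()
    return events

if __name__ == "__main__":
    print(check_sample_file(SAMPLE))
    print("\n".join(fold_events(SAMPLE)))
```

Run it against the file before uploading; if it reports continuation lines, upload the folded output so that each sample event occupies exactly one line.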

More information:

Dynamic Parsing