Hortonworks Cybersecurity Platform
Also available as:
PDF
loading table of contents...

Transform Your New Data Source Parser Information by Using the Management Module

After you create a parser, you can use the HCP Management module to transform the data source data to provide more relevant and helpful information. For example, you can choose to transform a url to provide the domain name of the outbound connection or the IP address.

  1. From the list of sensors in the main window, select your new sensor.
  2. Click the pencil icon in the toolbar.
    The Management module displays the sensor panel for the new sensor.
    Note
    Note
    Your sensor must be running and producing data before you can add transformation information.
  3. In the Schema box, click (expand window).
    The Management module populates the panel with message, field, and value information.
    The Sample field displays a parsed version of a sample message from the sensor. The Management module tests your transformations against these parsed messages.
    You can use the right and left arrows to view the parsed version of each sample.
    Although you can apply transformations to an existing field, users typically create and transform a new field.
  4. To add a new transformation, either click (edit) next to a field or click (add) at the bottom of the Schema panel.
    The following dialog box displays:
  5. From INPUT FIELD, select the field to transform, enter the name of the new field in the NAME field, and then choose a function with the appropriate parameters in the TRANSFORMATIONS box.
  6. If you decide not to use the default values for the batchSize and batchTimeout properties, you can set their values.
    In the Advanced portion of the input panel, enter the property name (for example batchSize) and the value in the PARSER CONFIG fields.
  7. Click SAVE.
    If you change your mind and want to remove a transformation, click the "x" next to the field.
  8. You can also suppress fields with the transformation feature by clicking (suppress icon).
    This icon prevents the field from being displayed, but it does not remove the field entirely.
  9. Click SAVE.