Receiving data over an HTTP/HTTPS connection
To receive data over an HTTP/HTTPS connection, you need to create the Receive over HTTP/HTTPS data collector. This data collector acts like an endpoint that allows you to receive application data (or events) into TrueSight IT Data Analytics by using the HTTP or HTTPS protocol.
When you use the HTTPS protocol, the data collector uses SSL-based authentication. You can optionally provide an access token that is shared between the HTTP client and TrueSight IT Data Analytics. This token is used to authenticate the client sending data into TrueSight IT Data Analytics.
While sending requests to TrueSight IT Data Analytics, ensure that you do not break a single event into multiple requests.
Creating this data collector requires minimal inputs. When you use the HTTPS protocol, data sent from the client to TrueSight IT Data Analytics is encrypted.
The following information can help you understand the steps for creating this data collector and other aspects related to the creation process:
Before you begin
If you want to receive data over an HTTPS protocol, ensure that the keystore certificate is configured on the Collection Station (or Collection Agent) that you want to use for the data collection.
To receive data over an HTTP or HTTPS connection
- Navigate to Administration > Data Collectors > Add Data Collector.
- In the Name box, provide a unique name to identify this data collector.
- From the Type list, select Receive over HTTP/HTTPS.
- Provide the following information, as appropriate:
Target/Collection Host

Collection Host (Agent)
Type or select the collection host depending on whether you want to use the Collection Station or the Collection Agent to perform data collection.
The collection host is the computer on which the Collection Station or the Collection Agent is located.
By default, the Collection Station is already selected. You can either retain the default selection or select the Collection Agent.
Note: Ensure that the time zone of the collection host is the same as that of the host from which the data comes.
Collector Inputs (Note that data becomes available for searching only after a client sends data to the specified host on the corresponding port.)

Protocol
Select HTTP or HTTPS as appropriate.
An HTTPS connection ensures that the data sent from the REST client to TrueSight IT Data Analytics is encrypted.
By default, HTTP is selected.
If you select HTTPS, then you need to provide the following additional inputs:

Keystore Type
Specify the type of keystore.
For example, JKS, PKCS12, and JCEKS.
By default, this value is set to JKS.
Keystore File

Specify the keystore location.
For example, C:\op\server.store.
Keystore Password

Specify the password of the keystore file where the certificates are stored.
Key Manager Algorithm
Specify the algorithm used by the keystore's key manager factory.
By default, this value is set to sunx509.
Bind address

Provide the host name or IP address to which you want to bind.
By default, this value is set to 0.0.0.0.
Port

Provide the port number on which the data collector must listen for incoming connections.
By default, this value is set to 8888.
Access Token

(Optional) Specify an access token for authenticating the client sending data into TrueSight IT Data Analytics. The access token can be any string without spaces. This token is shared between TrueSight IT Data Analytics and the REST client.
While sending the message request to TrueSight IT Data Analytics, you need to add an authorization header whose value is the same as the access token. Name the header "Authorization" and specify the value as the access token.
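For illustration, a client request carrying the access token might be built as follows. This is a sketch using Python's standard library; the host name, port, token, and event text are placeholder values, not part of the product.

```python
import urllib.request

# Placeholder values; substitute your collection host, port, and token.
url = "http://collection-host.example.com:8888/"
access_token = "my-shared-token"

event = "2014-09-25 10:26:47 INFO application started\n"

req = urllib.request.Request(
    url,
    data=event.encode("utf-8"),
    method="POST",
    headers={
        # The header must be named "Authorization" and carry the token.
        "Authorization": access_token,
        "Content-type": "application/plain; charset=utf-8",
    },
)

print(req.get_header("Authorization"))  # my-shared-token
```

Note that the whole event is sent in a single request, in keeping with the requirement that a single event must not be broken into multiple requests.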
Data Pattern

Pattern
Assign a matching data pattern (and optionally date format) for indexing the data.
If the data that you want to collect is in the JSON format, then you need to manually select one of the JSON-related data patterns. Unless you use the correct data pattern for collecting JSON data, key-value pairs in the data are not extracted as fields.
By default, the data pattern is set to Free Text without Timestamp. Unlike other data collectors, this data collector does not support automatic detection of relevant data patterns. Also, because this data collector receives events asynchronously, you cannot see a preview of the results right after selecting the data pattern.
After creating the data collector, if you are not satisfied with the search results, then you can assign a new data pattern by manually creating it or by customizing an existing data pattern that closely matches the data that you are collecting (by using the clone feature). You can obtain the sample data for creating (or cloning) the data pattern from the search results on the Search page (data that just got indexed).
The data pattern and date format together decide the way in which your data is indexed. When you select a data pattern, the matching date format is automatically selected. However, you can override the date format by manually selecting another date format or by selecting the option to create a new date format. In that case, the date format is used to index the date and time string, while the rest of the data is indexed as per the selected data pattern. If you select only a date format, then the date format is used for indexing the timestamp, while the rest of the data is displayed in a raw format in your search results.
For more information, see Assigning the data pattern and date format to a data collector.
Date Format

Date Locale
(Optional) You can use this setting to enable reading the date and time string based on the language selected. Note that this setting applies only to those portions of the date and time string that consist of letters (digits are not considered).
By default, this value is set to English.
You can manually select a language to override the default locale. For a list of languages supported, see Language information.
Event Delimiter

(Optional) This setting is applicable only when you select Free Text without Timestamp as the data pattern.
All records processed using the Free Text without Timestamp data pattern are assumed to be a single line of data with a line terminator at the end of the event.
Records are distinguished on the basis of the new line separator.
If you want to distinguish records in a custom way, you can specify a custom string or regular expression in the Event Delimiter box that decides where a new line starts in the data. This string or regular expression must correspond to text in your data that appears at the beginning of a line.
The following regular expression distinguishes records when the line starts with "INFO", "ERROR", or "WARN".
The following regular expression distinguishes records when the line starts with "com.bmc.ola".
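As an illustration of how a delimiter expression splits a stream into events, the following Python sketch uses a hypothetical pattern that treats any line beginning with INFO, ERROR, or WARN as the start of a new event. The pattern and sample data are assumptions for the sake of the example, not the product's exact syntax.

```python
import re

# Hypothetical delimiter regex: a new event starts where a line
# begins with INFO, ERROR, or WARN (illustrative only).
delimiter = re.compile(r"^(INFO|ERROR|WARN)", re.MULTILINE)

data = (
    "INFO first event line\n"
    "  continuation of first event\n"
    "ERROR second event\n"
    "WARN third event\n"
)

# Split the stream into events at each delimiter match; lines that do
# not start with a log level remain part of the preceding event.
starts = [m.start() for m in delimiter.finditer(data)]
events = [data[s:e].rstrip("\n") for s, e in zip(starts, starts[1:] + [len(data)])]

print(len(events))  # 3
```

Here the indented continuation line stays attached to the first event because it does not match the delimiter at the start of a line.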
Start/Stop Collection

(Optional) Select this check box if you want to start the data collection immediately.

Advanced Options

Ignore Data Matching Input
(Optional) If you do not want to index certain lines in your data file, then you can ignore them by providing one of the following inputs:
- Provide a line that consistently occurs in the event data that you want to ignore. This line will be used as the criterion to ignore data during indexing.
- Provide a Java regular expression that will be used as the criterion for ignoring data matching the regular expression.
Example: While using the following sample data, you can provide the following input to ignore particular lines.
- To ignore the line containing the string, "WARN", you can specify WARN in this field.
- To ignore lines containing either "WARN" or "INFO", you can specify the regular expression .*(WARN|INFO).* in this field.
Sep 25, 2014 10:26:47 AM net.sf.ehcache.config.ConfigurationFactory parseConfiguration():134 WARN: No configuration found. Configuring ehcache from ehcache-failsafe.xml found in the classpath:
Sep 25, 2014 10:26:53 AM com.bmc.ola.metadataserver.MetadataServerHibernateImpl bootstrap():550 INFO: Executing Query to check init property: select * from CONFIGURATIONS where userName = 'admin' and propertyName ='init'
Sep 30, 2014 07:03:06 PM org.hibernate.engine.jdbc.spi.SqlExceptionHelper logExceptions():144 ERROR: An SQLException was provoked by the following failure: java.lang.InterruptedException
Sep 30, 2014 04:39:27 PM com.bmc.ola.engine.query.ElasticSearchClient indexCleanupOperations():206 INFO: IndexOptimizeTask: index: bw-2014-09-23-18-006 optimized of type: data
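The ignore rule described above can be sketched as a simple line filter. This Python example mirrors the .*(WARN|INFO).* expression from the text against abbreviated versions of the sample lines; it illustrates the matching behavior only and is not the product's indexing code.

```python
import re

# Ignore any line matching this pattern during indexing
# (mirrors the ".*(WARN|INFO).*" example from the text).
ignore = re.compile(r".*(WARN|INFO).*")

# Abbreviated versions of the sample log lines above.
lines = [
    "Sep 25, 2014 10:26:47 AM ... WARN: No configuration found.",
    "Sep 25, 2014 10:26:53 AM ... INFO: Executing Query to check init property",
    "Sep 30, 2014 07:03:06 PM ... ERROR: An SQLException was provoked",
]

# Keep only lines that do NOT match the ignore pattern.
indexed = [line for line in lines if not ignore.match(line)]

print(len(indexed))  # 1
```

Only the ERROR line survives the filter, matching the behavior described for this field.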
Data Retention Period (in days)
Indicates the number of days for which indexed data must be retained in the system.
By default, this value is set to 7. The default value is based on the maximum data retention period specified at Administration > System Settings.
You can change this limit to a maximum of 14 days. To increase the limit beyond 14 days, you need to modify the value of the following property:
- Property name:
- Property location: %BMC_ITDA_HOME%\custom\conf\server\searchserviceCustomConfig.properties
After changing the property value, you need to restart the Search component to apply the change.
For more information, see Understanding data retention and deletion.
Best Effort Collection
(Optional) If you clear this check box, only those lines that match the data pattern are indexed; all other data is ignored. To index the non-matching lines in your data file, keep this check box selected.
Note: Non-matching lines in the data file are indexed on the basis of the Free Text with Timestamp data pattern.
Example: The following lines provide sample data that you can index by using the Hadoop data pattern. In this scenario, if you select this check box, all lines are indexed. But if you clear the check box, only the first two lines are indexed.
2014-08-08 15:15:43,777 INFO org.apache.hadoop.hdfs.server.datanode.DataNode.clienttrace: src: /10.20.35.35:35983, dest: /10.20.35.30:50010, bytes: 991612, op: HDFS_WRITE, cliID:
2014-08-08 15:15:44,053 INFO org.apache.hadoop.hdfs.server.datanode.DataNode: Receiving block blk_-6260132620401037548_683435 src: /10.20.35.35:35983 dest: /10.20.35.30:50010
2014-08-08 15:15:49,992 IDFSClient_-19587029, offset: 0, srvID: DS-731595843-10.20.35.30-50010-1344428145675, blockid: blk_-8867275036873170670_683436, duration: 5972783
2014-08-08 15:15:50,992 IDFSClient_-19587029, offset: 0, srvID: DS-731595843-10.20.35.30-50010-1344428145675, blockid: blk_-8867275036873170670_683436, duration: 5972783

Tags

Inherit Host Level Tags From Target Host

(Optional) Select this check box to inherit your tag selections associated with the target host that you selected earlier. This option is not applicable if you did not select a target host.
Note: After selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.

Select Tag name and corresponding value
(Optional) Select a tag name and specify the corresponding value by which you want to categorize the data collected. Later while searching data, you can use these tags to narrow down your search results.
Example: If you are collecting data from hosts located at Houston, you can select a tag name for "Location" and in the value specify "Houston". While searching the data, you can use the tag Location="Houston" to filter data and see results associated with the Houston location.
To be able to see tag names, you need to first add them by navigating to Administration > System Settings.

To specify tag names and corresponding values, in the left box select a tag name and then type the corresponding tag value in the right box. While you type the value, you might see type-ahead suggestions based on values specified in the past. If you want to use one of the suggestions, click the suggestion. Click Add to add the tag name and corresponding value to the list of added tags that follow. Click Remove Tag to remove a tag.
The tags saved while creating the data collector are displayed on the Search tab, under the Filters panel, and in the Tags section.
Note: You can specify only one value for a tag name at a time. To specify multiple values for the same tag name, you need to select the tag name, specify the corresponding value, and click Add for each value.
For more information about tags, see Understanding tags.

Group Access
Inherit Host Level Access Groups From Target Host (Optional) Select this check box to inherit your group access configurations associated with the target host that you selected earlier. This option is not applicable if you did not select a target host.
Note: After selecting this check box, you can further manually select additional user groups. When you manually select additional user groups, both the inherited permissions as well as the manually assigned permissions are applied. To remove the inherited permissions, clear this check box.
Select All Groups
(Optional) Select this option if you want to select all user groups. You can also manually select multiple user groups.
Notes: You can access data retrieved by this data collector based on the following conditions.
- If user groups are not selected and data access control is enabled: Only the creator of the data collector can access data retrieved by this data collector.
- If user groups are not selected and if data access control is not enabled: All users can access data retrieved by this data collector. You can restrict access permissions by selecting the relevant user groups that must be given access permissions. To enable data access control, navigate to Administration > System Settings.
For more information, see Managing user groups in IT Data Analytics.
- Click Create to save your changes.
Character set encoding used for sending data
By default, the data collector assumes that the data sent is UTF-8 encoded. To pass another type of character set encoding, include the following line in the message header of the client, replacing utf-8 with the character set encoding that you want to pass.
Content-type: application/plain; charset=utf-8
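For example, a client sending ISO-8859-1 encoded data would declare that character set in the header and encode the payload accordingly. The following Python sketch shows the idea; the host name and port are placeholders.

```python
import urllib.request

event = "température élevée\n"  # contains non-ASCII characters
payload = event.encode("iso-8859-1")

req = urllib.request.Request(
    "http://collection-host.example.com:8888/",  # placeholder host
    data=payload,
    method="POST",
    # Declare the character set so the collector decodes the payload correctly.
    headers={"Content-type": "application/plain; charset=iso-8859-1"},
)

print(req.get_header("Content-type"))
```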
Limit for collecting JSON events
You can collect JSON events (data between the opening and closing braces) only up to 10 KB in size. Any JSON event that exceeds this limit is automatically rejected. Therefore, events that exceed the limit are not indexed and are not searchable. For more information, contact BMC Support.
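A client can guard against this limit by checking the serialized size of each event before sending it. The following sketch shows one way to do this; the helper function and sample events are illustrative, not part of the product.

```python
import json

MAX_JSON_EVENT_BYTES = 10 * 1024  # the 10 KB limit described above

def within_limit(event: dict) -> bool:
    """Return True if the serialized JSON event fits within the 10 KB limit."""
    return len(json.dumps(event).encode("utf-8")) <= MAX_JSON_EVENT_BYTES

small = {"msg": "ok"}
large = {"msg": "x" * (11 * 1024)}  # serializes to more than 10 KB

print(within_limit(small), within_limit(large))  # True False
```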