Parse report

(SPE2310)

You can use the Parse reports tab to generate reports that contain information from a thread, parsed into fields for easy reading. 

The report generator runs at midnight or you can run it on demand by clicking Generate Report Database . You can view the report data in HTML, CSV, text, and PDF format.

Related topic

BMC-Defender-Audit-Report-facility

The following table lists the out-of-the-box parse reports:

Report title

Description

Client Certificate Usage

Generates a report with client certificate serial numbers and other details on z/OS.

Server Certificate Usage

Generates a report with server certificate serial numbers and other details on z/OS.

Datastream Configuration: Events Selected

(SPE2407)

Generates a report that contains your BMC AMI Datastream EVENT statement configuration information.

Datastream Configuration: Local Dataset

(SPE2407)

Generates a report that contains your BMC AMI Datastream LOCAL statement configuration information.

Datastream Configuration: Options

(SPE2407)

Generates a report that contains your BMC AMI Datastream OPTIONS statement configuration information.

Datastream Configuration: SERVER Information

(SPE2407)

Generates a report that contains your BMC AMI Datastream SERVER statement configuration information.

Datastream Configuration: SMF Types

(SPE2407)

Generates a report that contains the information from the SMF records supported by BMC AMI Datastream.

Datastream Configuration: Switches

(SPE2407)

Generates a report that contains your BMC AMI Datastream SWITCH statement configuration information.

Datastream Configuration: Time

(SPE2407)

Generates a report that contains your BMC AMI Datastream TIME statement configuration information.

To add or modify a parse report

  1. Navigate to the Reports > Audit > Parse Reports tab.
  2. To add a report, click AddNew.
    To modify a report, click Edit (the numbered button near the report title).
  3. Modify the following parameters:

Parameter

Description

Report Title

Enter a title for the parse report.

The maximum limit is 72 characters.

Important

Don't enter special characters or punctuation marks.

(SPE2407) If you add the word datastream to your report title, the product identifies the report as a BMC AMI Datastream configuration report. For such reports, when you configure the Specify Message Parsing Rules parameter, you can add a maximum of 100 parse rules.

Pin This Report To Top

(This list appears only if you are modifying an existing report) To move the report to the top of the list on the Parse Reports tab, select Yes.

The default is No.

Report Data Source

From this list, select a thread.

The product parses messages from the specified thread.

Specify Message Parsing Rules

To specify the parsing rules for the report, perform the following steps:

  1. Click Config.
  2. On the subsequent tab, in the Parse Spec box, enter a parse rule.
    (SPE2407) For BMC Defender Server to report new fields that are added to BMC AMI Datastream, you must update the parse rules.
  3. To select a default field, from the Insert Common Field list, select a default field name.
    To select a custom field, in the Field Name field, enter a custom field name.
  4. Click Continue.

(Before SPE2407) You can add a maximum of 20 parse rules.

(SPE2407) If you are adding or modifying a BMC AMI Datastream configuration report, you can add a maximum of 100 parse rules.

Additional Match Expr

(Optional) To qualify the data collected from the thread that you selected from the Report Data Source list, enter a match expression.

For example, to further reduce the data in the report, you can parse, match, and report on just the messages that contain a certain keyword or match expression.

Report Span Days

(SPE2401) To report on data spanning multiple days, enter a value from to 500.

(Before SPE2401) This select menu permits the operator to report on data spanning more than one day. (SPE2304) To meet compliance requirements, you can set the span days to a week (7-Days), a month (31-Days), or an year (365-Days).

The value is mainly useful if the selected data source contains only a few 100,000 records or so. If the value is set too high, then the Scan Match Data Records value (described later in this topic) generally limits the number of records reported on. 

Important

Setting this value to a high number can dramatically increase the time to generate the report data. 

Require Field Count

To control the number of empty columns in the report for any data record, select an option from this list. This option prevents a report from containing many blank and uninteresting column values.

Example

If Require-2 is specified, then at least two parse expressions must match a particular line in the data source; if Require-All is specified, then all parse specifications configured using Config must match the data record for the record to be included in the report. 

Scan Max Data Records

This value is the maximum number of records in the data selected data source that are scanned when the report is generated. The value prevents the report generator from taking too long to generate a report. If the Scan Max Data Records is met then the report finishes. (See the additional notes later in this topic.)

De-Duplicate Messages

This value de-duplicates the records of the report.

This value is particularly useful when reporting on values without selecting a date and time field in the report so that you can, for example, determine user names, processes, and locations (but not the time of a particular message).

Important

If the date and time of the message is one of the parsed values, then this function leaves values in the report if duplicate values (other than the date and time) are encountered. 

Max Output Records

This value is the maximum number of records in the data selected data source that are output. If Max Output Records is met, then the report finishes. This value is generally the same as the Max Scan Data Records if De-duplicate Messages are false. (See the additional notes later in this topic.)

Important

This value is generally low (by default 2500 messages) to make the rendering of HTML and PDF reports manageable. 

Additional notes

The report gathers data until the Span Days setting is specified or the Scan Max Data Records count is reached or the Max Output Records is reached. 

Important

If De-Duplicate is set to false, then the Max Output Records value is generally the limiting parameter.

After you modify any configuration item, click Generate Report Database to regenerate the report.

After the report is generated (either manually, or at midnight) the operator can view the report, or download HTML, PDF, or other types of reports. These reports depict the data in the report viewer including any data filtered using the Match keyword at the top of the viewer. Therefore, prior to downloading a report, the operator can select certain records in the report that are of special interest.

The operator can configure the E-Mail facility to automatically e-mail any parse report at a scheduled interval, as with other Audit type reports. 

Important

This reporting facility is quite flexible, but might require good understanding of the Server Parse Expressions.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*