How to integrate multiple remote LFA to a single IBM Log Analysis data source?

How To

Summary

I have multiple remote LFA that I would like to integrate to a single Log Analysis data source. What is the configuration needed?

Steps

You need to use 2 metadata fields to identify the data origin:

1) sourceHost
2) sourcePath

The steps to configure the integration are:
1. Request UnityEIFReceiver.jar from IBM support. Take backup of <LA_HOME>/UnityEIFReceiver/jars/UnityEIFReceiver.jar and replace it with the JAR file from IBM support.

2. In the LFA configuration that sends the data to data source, add 2 metadata fields (sourceHost and sourcePath) in the .fmt file along with value for it. Add | (pipe) separated metadata field name and metadata columns names:

REGEX AllRecords
(.*)
hostname xxxxxxxxxxx
-file /yyyyy/yy/yyyyy.log
RemoteHost ""
sourceHost"abcd.com"
sourcePath "mypath"
metadata "sourceHost|sourcePath"
logpath PRINTF("%s",file)
text $1
END

3. Restart LFA and LogAnalysis.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSPFMY","label":"IBM Operations Analytics - Log Analysis"},"ARM Category":[],"Platform":[{"code":"PF016","label":"Linux"}],"Version":"1.3.5","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Tips

How to integrate multiple remote LFA to a single IBM Log Analysis data source?

How To

Summary

Steps

Document Location

Product Synonym

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?