Devo does not store these events, they are only counted. This allows you to perform quick tests to find out if the events are being sent correctly.
The tag should have a third element chosen by the user. This can identify the test type or the data source. Here are some tag examples:
How to consult the ingested events
Events with the test.drop.* tag are not stored, so if you try to open the table, you will see nonsense events generated by the system. Instead, you shoudl open the siem.logtrust.collector.counter table. This table retrieves information about the table, technology and relay (if any) of all the events that were sent to Devo collector.
Search the object column for the tag name. In the tag's row you will see the count, size and date of the successfully sent events.
Have we answered your question?
If not, please contact our technical support team via email by clicking the button below.CONTACT US