PREVIOUS test.drop

NEXT uba.varonis

test.keep

The  test.keep tag is used to test on the event sending.

Unlike the test.drop tag, the events are stored and can be consulted on its respective table.

There are two types of this tag:

  • test.keep.free
  • test.keep.types

test.keep.free

  • It treats all the event content as a single text file.
  • The message field is not subject of any kind of parsing, but you can run searches over it using the available character string operations.
  • It maintains the syslog priority as well as two separate fields: facility and level.
  • It is used to send arbitrary text strings.

test.keep.types

  • It allows to send different types of data using the type=value nomenclature and the semicolon (;) as separator between elements (e.g. type1=valueA;type2=valueB;type3=valueC...).
  • It conserves the syslog priority as well as two separate fields: facility and level

Some of the data types supported by this table:

  • int4: 4 bytes integer
  • int8: 8 bytes integer
  • hex4: 4 bytes hexadecimal number
  • hex8: 8 bytes hexadecimal number
  • float8: 8 bytes floating point number
  • ip4: Pv4 address
  • str: Text string between quotation marks
  • date: UTC date format (yyyy-MM-dd hh:mm:ss.SSS)
  • millis: date in milliseconds
  • epoch.millis: date format in epoch.milliseconds 

Example of valid messages

test.keep.types messages

hex4=7a69;hex8=11F71FB04CB;float8=3.14159265358979323846
ip4=8.8.8.8;epoch.millis=946681200.000
int4=1234;int8=922337203685477600;str="in log we trust";millis=946681200000
  • When consulting the test.keep.types table, the events would be displayed as below: 

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.

CONTACT US

PREVIOUS test.drop

NEXT uba.varonis