...
Recommended steps:
- Prepare and save templates to log samples - use as many log types as possible that will be added during the environment processing and ensure data is parsed properly.
- Define a new collection policy (temp) with schedule set to 'Never'. This way no data will be processed before review.
- Scan the required directory/directories using templates (by setting Scan Method to use existing configuration) so the predefined configuration will be applied on the detected logs. Set the temporary collection policy on the scan result so no data will be collected and indexed before reviewing the scan results.
- Review the results on the scanning by entering selected log types that were detected by the scanner and ensure that all data is parsed and presented properly.
In case you identify log(s) which are not parsed well, make the required changes and replace / save a new template. Use the apply template on logs function to update all required logs based on the templates configuration. At the end of this process all logs should be parsed and presented properly. - Apply the required collection policy on the logs that were added by the scan process, so that data will be collected and indexed using the accurate configuration.
...