To simplify the list creation process, you can gather values from the set of dimension values that are automatically stored in the database logs for 14 days. When a sufficient sample has accrued in the log files, you may download those values, edit them as needed, and then import them back into the dimension whitelist, blacklist, or group list.
Note: After you initially create a dimension, it may take a variable length of time before the database logs begin to be populated with a meaningful number of values. If no values for the dimension were detected in the transaction stream or if the logs were recently purged, the list of available values may be empty.
To create or edit a whitelist, blacklist, or group list that is based on values that are captured and stored in the log files, complete the following general steps.
- Enable logging for the dimension.
- After dimension value logging is enabled, allow sufficient time to pass to collect values in the logs.
- When you are ready to add the values, edit the dimension. Then, choose to edit the whitelist, blacklist, or group list of the dimension.
- In the Edit Dimension dialog, download the log values.
- Edit the log file locally to add, edit, or remove values for inclusion in your list.
- Import the file into the Edit Dimension dialog for inclusion as values in your list.
- Add the values to the dimension.
- New values may become available for logging when the Data Collector performs its next collection run.
- Repeat the above steps periodically to capture new values appearing in the capture stream.
After you configure a dimension to be populated with log file data, the Tealeaf Reference Session Agent begins capturing any detected values and automatically inserts them into the logs.
- Values are reviewed and inserted once per hour.
- All detected values are inserted. Any whitelist or blacklist that you specify does not filter the recorded values.
- These logs are retained for 14 days, after which they are purged, and a new set of log files begins to accumulate.
- By default, the values are inserted into the database once per hour.
Download log values
To download all values that accrued in the dimension's log files, click Download Log Values in the Edit Dimension dialog. Save the compressed file to your local desktop.
A downloaded log file can contain up to the top 250,000 values by occurrence over the period in which they were collected in the logs.
Extract the file. Values appear in the following tab-separated format:
DetectedValue1 NumberOfOccurrences1
DetectedValue2 NumberOfOccurrences2
DetectedValue3 NumberOfOccurrences3
Edit dimension values
You can edit a downloaded file of log values or create one as a text file in the above tab-separated format.
If you download log values from Tealeaf, you might need to remove or replace the content of column 2, which contains the number of occurrences. When a dimension list is imported, column 2 can optionally contain the display name value for the log value.
You might find it useful to use a spreadsheet editor like Microsoft™ Excel, which enables you to sort downloaded log value files by the number of occurrences. You can then selectively choose to upload the Top-N values.
If you use Microsoft Excel or another editor to create or edit your dimension values, be sure to save the file as a tab-separated text file.
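The same edit can be scripted instead of done in a spreadsheet. The following is an added example, not Tealeaf code: it ranks a downloaded log value file by occurrences, keeps the Top-N values, and writes import rows in which column 2 is either dropped or replaced with a display name. The function names and sample data are hypothetical, and merging repeated values by summing their counts is an assumption.

```python
# Constructed sample in the downloaded format: value <TAB> occurrences.
SAMPLE_LOG = (
    "checkout\t1820\n"
    "login\t5400\n"
    "\n"               # blank line left by an editor
    "search\tn/a\n"    # malformed count
    "login\t600\n"     # repeated value
    "cart\t1820\n"
)


def parse_log_values(text):
    """Return ({value: occurrences}, [rejected lines]) from tab-separated text."""
    counts, rejected = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = line.split("\t")
        value = cols[0].strip()
        count = cols[1].strip() if len(cols) == 2 else ""
        if not value or not (count.isascii() and count.isdigit()):
            rejected.append(line)  # hold back for manual review
            continue
        # Assumption: repeated values are merged by summing their counts.
        counts[value] = counts.get(value, 0) + int(count)
    return counts, rejected


def build_import_text(text, top_n, display_names=None):
    """Return (import text for the Top-N values, rejected lines)."""
    counts, rejected = parse_log_values(text)
    # Most frequent first; ties broken by value so output is deterministic.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
    names = display_names or {}
    rows = []
    for value, _ in ranked:
        name = names.get(value)
        if name is not None and any(c in name for c in "\t\r\n"):
            raise ValueError(f"display name for {value!r} breaks the row format")
        # Column 2 carries a display name or is dropped; never the count.
        rows.append(value if name is None else f"{value}\t{name}")
    return "".join(row + "\n" for row in rows), rejected


if __name__ == "__main__":
    body, bad = build_import_text(SAMPLE_LOG, 3, {"login": "Login page"})
    print(body, end="")
    print("rejected:", bad)
```

Review the rejected lines before importing: a row that fails to parse is held back rather than silently added to a whitelist or blacklist.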
Note: If you purge dimension data, you cannot edit the dimension values for the dimension until the Data Collector has completed its operations to purge values from each Canister. These operations occur every 5 minutes.
Import dimension values
To import dimension values to a whitelist, blacklist, or group list, click Import File in the Edit Dimension dialog. Navigate your local desktop to select the file to import.
Update log values
Every hour at the top of the hour, each Processing Server makes the dimension log values captured in the previous hour available for collection. Ten minutes later, the Data Collector service pulls the values from each Processing Server. Depending on the data and the current load on the system, the collected values may be available for immediate use in the Event Manager.