Meta filename appears not to be parsed in NetWitness Logs and Packets
Issue
If the filename meta is not being parsed, the flag value set for the key may not be the correct one.
Cause
Because the flag value for the filename key is not the correct one, the filename meta is not parsed for certain event sources.
Resolution
To resolve this:
- Step 1: Change the flag value to "None". To make the change, copy the tag from Admin>Services>LogDecoder>View>Config>Files>table-map.xml:
<mapping envisionName="filename" nwName="filename" flags="File" envisionDisplayName="Filename|FileName"/>
And paste it into Admin>Services>LogDecoder>View>Config>Files>table-map-custom.xml with the flag value set to "None":
<mapping envisionName="filename" nwName="filename" flags="None" envisionDisplayName="Filename|FileName"/>
- Step 2: Restart the decoder service. You should then be able to see the filename meta.
systemctl restart nwlogdecoder
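To confirm the override before restarting, the two files can be compared offline. The following is an added example, not NetWitness code: it assumes that an entry in table-map-custom.xml replaces the table-map.xml entry with the same envisionName and that both files use a `<mappings>` root element; the function names and the `example_key` mapping are hypothetical, and the XML is constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The <mappings> root element is an assumption; the
# filename lines are the ones shown in the steps above.
DEFAULT_XML = """<mappings>
  <mapping envisionName="filename" nwName="filename" flags="File" envisionDisplayName="Filename|FileName"/>
  <mapping envisionName="example_key" nwName="example.key" flags="None"/>
</mappings>"""

CUSTOM_XML = """<mappings>
  <mapping envisionName="filename" nwName="filename" flags="None" envisionDisplayName="Filename|FileName"/>
</mappings>"""


def load(xml_text):
    """Return {envisionName: (nwName, flags)} for every <mapping> element."""
    root = ET.fromstring(xml_text)  # raises ParseError if the file is malformed
    return {m.get("envisionName"): (m.get("nwName"), m.get("flags"))
            for m in root.iter("mapping")}


def effective(default_xml, custom_xml):
    """Merge the two maps; custom entries replace default ones (assumption)."""
    merged = load(default_xml)
    merged.update(load(custom_xml))
    return merged


def needs_override(default_xml, custom_xml, names):
    """List the keys whose effective flag is not "None".

    A key that is missing from both files is also reported.
    """
    eff = effective(default_xml, custom_xml)
    return [n for n in names if eff.get(n, (None, None))[1] != "None"]


if __name__ == "__main__":
    for key, (nw_name, flags) in sorted(effective(DEFAULT_XML, CUSTOM_XML).items()):
        print(f"{key} -> {nw_name} flags={flags}")
    print("still need an override:",
          needs_override(DEFAULT_XML, CUSTOM_XML, ["filename"]))
```

To run it against a real decoder, read the contents of the two files into the two string arguments.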
Product Details
Product Set: NetWitness Logs and Packets
Product/Service Type: Log Decoder
Version/Condition: 11.x, 12.3
Platform: CentOS, AlmaLinux