Autodiscovery of Datasources

SNYPR 6.4 provides auto-discovery of syslog based datasources that simplifies and automates the onboarding process. This new workflow improves the time to value for onboarding datasources. Once you have configured your datasource to send events to the RIN, SNYPR discovers those events and suggests a parser for it.

Note: You must upgrade to RIN 6.4 to use the Discovered feature of Activity Import. For more information, refer to the RIN Installation Guide.

You can view new syslog based resources that are available for configuration from the Discovered section of the Activity Import screen. The discovered datasources are sorted by recommended device type so that users can prioritize the onboarding of devices by reviewing suggested parsers.

Note: You can enable the autodiscovery of syslog based datasources from Administration > Settings > Data Ingestion. Once you have enabled the autodiscovery, you can not disable it. In the multi-tenant environment, you have to enable or disable autodiscovery of syslog based datasources for each tenant.

You can select a resource group to view resource details.

The screen displays datasource details and allows you to select a time zone and parser for that datasource. SNYPR analyzes the ingested events and suggests parsers. You can click Recommended Parsers to view and select a suggested parser. If SNYPR does not suggest a parser, you can select a parser from the list categorized by Vendors and Resource Types.

Note: You can enable or disable recommended parsers by using the Auto Parser Recommendation for Device Discovery flag from Administration > Settings > Data Ingestion.

You can click Next to view the Parser Management screen to review the parsing of the event logs.

Note: For detailed information on auto-discovery, refer to the Activity Import section of the Data Integration guide.