Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The data displayed will match the data collected and sent to Splunk.

...

Field Mapping

...

Field

...

Description

...

Unit of Measure

...

ALGAREA

...

System Log: Group of 36 System Log Messages

...

String

...

ALGCLIENT

...

Client

...

Number

...

ALGDATE

...

SecAudit: Date audit entry created

...

YYYYMMDD

...

ALGFILENO

...

SysLog: File number

...

Number

...

ALGFILEPOS

...

SysLog: File offset

...

Number

...

ALGINST

...

SAP Instance Name

...

String

...

ALGLTERM

...

SecAudit: Terminal name

...

String

...

ALGREPNA

...

Program Name

...

String

...

ALGSUBID

...

System log: Third character of message name

...

String

...

ALGSYSTEM

...

Server Name

...

String

...

ALGTASKNO

...

Work process number

...

Number

...

ALGTASKTYPE

...

System log: SAP process name

...

String

...

ALGTCODE

...

Transaction Code

...

String

...

ALGTEXT

...

SecAudit: Text part of displayed Security Audit Log message

...

String

...

ALGTIME

...

SecAudit: Time at which audit entry was created

...

HHMMSS

...

ALGUSER

...

User Name in User Master Record

...

String

...

CURRENT_TIMESTAMP

...

The date time stamp when the information was collected

...

YYYYMMDDHHMMSS

...

EVENT_SUBTYPE

...

String

...

EVENT_TYPE

...

SM20

...

String

...

IPADDRESS

...

Terminal

...

IP Address

...

PARAM1

...

SysLog: variable message data

...

String

...

PARAM2

...

SysLog: variable message data

...

String

...

PARAM3

...

SysLog: variable message data

...

String

...

PARAM4

...

SysLog: variable message data

...

String

...

TXSEVERITY

...

System audit log: Security level text format

...

String

...

TXSUBCLSID

...

System audit log: Security class text format

...

String

...

UTCDIFF

...

The UTC OFFSSET in HHMMSS that the data was collected in

...

HHMMSS

...

UTCSIGN

...

The UTC positive or negative OFFSET indicator. Positive (+) means add UTCDIFF to find the time zone of the data, negative (-) means subtract the UTCDIFF to find the time zone adjusted date time the data was collected in.

...

+ | -