Hi, I have a log data exported from ArcSight, there is a Beacon message hidden in the data, I am trying to to find these same messages being sent every X seconds without knowing the message and the interval
I am attaching the knwf and excel file
Periodicity.knwf (13.5 KB)
e1.xlsx (207.7 KB)
Hi,
I’m not sure if I got your question perfectly, But here I’ve attached a workflow in which rows with Beacon messages are determined by a “Rule Engine” node (checking “Name” column for Beacon messages and appending the new column “Beacon Message” which contains Yes or No) and then those rows with Beacon message are filtered and the interval between Beacon messages is calculated (in sec).
Periodicity.knwf (118.8 KB)
well, we dont know what the beaconing message is, we dont know the inerval, we cant filter by string. We need to find Beacon test Messages at the end but all we know is there is a periodicity we need to find
There in the workflow which I shared, the interval between Beacon messages doesn’t seem to be regular. I think you have to provide more data to find a pattern.
oh, OK let me fix that