Installation

This package is installed from the LogScale Marketplace and requires that Falcon LTR is already provisioned. Prior to installation, please uninstall any related versions of this package that did not originate from the Marketplace.This package will generate an fdr_aidmaster.csv mapping file every 3 hours. You may receive a query error about the file not being found prior to the initial generation. To force the generation of this file before the 3 hour window:

Go to both Alerts → Scheduled Searches -> FLTR aidmaster Generation scheduled search.
Change the Search schedule to
```
>* * * * *
```
and click Save scheduled search.
Wait approximately 1-2 minutes.
Click on Alerts → Scheduled Searches. This should now show a Last Triggered time for the FLTR aidmaster Generation scheduled search. This means the file has been generated.

Note

Do not skip these next steps. Revert the settings after the file has been generated:

Go back to the FLTR aidmaster Generation scheduled search in Alerts → Scheduled Searches.
Change the Search schedule back to the original value of:
```
H */3 * * *
```
Click Save scheduled search.

Integrations

Integrations

Packages

LogScale APIs 1.118.0-1.137.0

APIs

API Authentication

Cluster Management API

Health Check API

Ingest API

Lookup API

Redact Events API

Search API

Software Libraries

LogScale Third-Party Log Shippers

Third-Party Log Shippers

Installation

Note

Enter search term