Netskope Help

Only Admins can change Log Shipper Global Settings. Go to Settings > Log Shipper. There are two tabs: General and Mappings.

On the General tab, you can set the number of entries per page expected to be polled from Netskope. This setting should only be modified when directed to do so by Netskope.

On the Mapping tab, you can open and edit each of the mapping files available for use by the installed plugins by clicking the pencil icon.

You can also create a new mapping file to be invoked by a configured plugin as an alternative to the defaults provided. In the Wizard view, you can modify the mapping file to enable the addition, deletion, or modification of new fields to the default. For example, open an existing default file, like the SYSLOG file, and copy its contents to create a new mapping file by clicking Add Mapping File > Add Alert Field, and then add new fields for Alerts as needed. You do the same for Events and WebTx.

You may need to modify the mapping file to enable the addition, deletion, or modification of new fields to the default. .

In the Editor view, click Load From File to upload a mapping file.

Headers, payloads, and attributes can be overwritten, mapped to new values, transformed to use new data types, deleted, or added. If you prefer to do this outside of CE, you can download the original mapping file using the download icon, and then edit in a tool of your choice. When finished, copy the content and paste into a new placeholder file created using the copy function. Make sure the Editor button is selected when pasting.