Importing Copied Logger Data to the SaaS Database

Requires archived event data in ArcSight Logger.

This section applies to existing ArcSight Logger customers who want to import their data to the ArcSight SaaS environment. The Logger from which the information is being migrated can be either a software or an appliance version.

The process for migrating data from ArcSight Logger to ArcSight SaaS consists of two phases:

Phase One – Copy Metadata and Archived Event Data

On each Logger, use the Archive Migration Tool to copy the Logger data to an Amazon S3 bucket.

The first time that you run the tool, you will configure the Amazon S3 bucket to receive the files.

Executing the Archive Migration Tool will:

  • Copy the files pertaining to the selected Logger archives to the Amazon S3 bucket.

  • Generate an Archive Catalog file that contains information about the copied archives.

  • Copy the Archive Catalog file to the Amazon S3 bucket to finish the process.

To complete this phase, follow the checklist in this Quick Start guide.

Phase Two – Import the Event Data

In ArcSight SaaS, import the copied Logger data to the ArcSight Database to make it available for searching and reporting. For more information about this phase, see Importing Logger data to ArcSight SaaS in the User's Guide to ArcSight Platform.

Before you import event data from a Logger archive to the ArcSight Database (Phase Two), ensure that the Phase One process for copying the data from the Logger to the ArcSight SaaS S3 bucket has completed.