Log Stream Features Introduced in 2023
October 2023
The following Log Stream features were introduced in October 2023:
Feature | Description |
---|---|
TimeFormats Array Support | Parser Manager has been enhanced to enable you to select multiple time formats when creating custom parsers. You will be able to select one main time format, which will be assigned to This greatly improves the flexibility and compatibility of parsers to support variations in timestamp formats, significantly reducing parsing errors associated with timestamp fields. |
September 2023
The following Log Stream features were introduced in September 2023:
Feature | Description |
---|---|
Individual Default Parser Management | Parser Manager has been enhanced to allow you to enable or disable individual default parsers. This change gives you more granular control over which default parsers are utilized. |
Time Field and Time Zone Normalization | There is now an expanded recognition of various time zone formats for use in your parsers. This ensures a time zone is present, so that logs are not received out of order when dealing with multiple time zones or when time zone information is not present in the log. |
August 2023
The following Log Stream features were introduced in August 2023:
Feature | Description |
---|---|
Multiple Parser Event Builders | Multiple parsers can now feed a single event. Previously, a single parser would lead to a single event. This eliminates the need to create duplicate event builder logic for different parsers that handle the same chores. |
View Parser Errors | Parser Manager can now alert you to parsing errors, and allow you to view the errors so that you can quickly begin troubleshooting without having to engage with the support team. The errors can be viewed on the parser listing. If a parser is in an Error status, you can click the status to view the details of the error. These errors can also be viewed in the parser details panel. If the parser is in error status, the error and details will be shown at the top of the page. |
May 2023
The following Log Stream features were introduced in May 2023:
Feature | Description |
---|---|
Parser Last Triggered Status | To help facilitate troubleshooting of log sources and parsers, Parser Manager now displays the last time a parser was triggered. This information is displayed in the parser list in the Parsers Overview tab and is also displayed when viewing parser details. This makes it very clear when an expected log source has gone silent. |
April 2023
The following Log Stream features were introduced in April 2023:
Feature | Description |
---|---|
Load More Log Samples | Live Tail now provides the ability to load more log samples. Previously, for lower volume log sources, there was a potentially long wait time to view and inspect incoming logs in Live Tail. Now, if the volume of logs is so low that no examples are showing, you will be able to directly search for logs from the Live Tail interface. |
Log Extraction Preview | In Parser Manager, you can now load examples of the extraction preview from a search of already ingested logs. Previously, for default parsers, you had to manually upload a log sample in order to see a preview of the extraction. This speeds up the process of validating and fine-tuning parsers. |
Export Parsers | In Parser Manager, you can now export custom parsers for use in other deployments. This saves you from having to re-create custom parsers in every deployment, increasing efficiency and collaboration. |
March 2023
The following Log Stream features were introduced in March 2023:
Feature | Description |
---|---|
Parser Event Auditing | Log Stream has been enhanced to add certain parsed events to audit logs, allowing you to maintain industry compliance, detect threats, and resolve misconfiguration issues. The following events are added to audit logs:
|
Custom Vendor and Product Names | Parser Manager has been enhanced to allow you to add custom vendor and product names for any proprietary log source or previously unsupported log source. |
Uninstall and Reverse Parser Package | Parser Manager has been enhanced so that when the System uninstalls a parser package, the version will revert to the parser package that had previously been installed. Individual parser versions will automatically be updated to the version that is available in the reverted package, along with any parser customizations. These updates will be reflected in the update history. |
February 2023
The following Log Stream features were introduced in February 2023:
Feature | Description |
---|---|
Exabeam now defines how well an event is aligned to the Common Information Model based on the behavior of the parser and the quality of incoming logs for the last 24 hours. This enables you to assess your parser quality. Parser Manager determines how many of the Core, Detection, and Informational fields are extracted for each parsed log line. This metric is aggregated for the previous 24 hours per parser to determine the Calibration Tier for the parser. |
January 2023
The following Log Stream features were introduced in January 2023:
Feature | Description |
---|---|
Common Information Model Compliance Validation | Exabeam now defines how well an event is aligned to the Common Information Model and gives you visibility into the accuracy and value of your parsers. |
Enriched Fields Identification | The View Parser Details feature of Parser Manager has been enhanced to evaluate enriched fields appropriately. Enriched fields are marked, and the user is notified that the field is an enriched field. |
Custom Field Support | Parser Manager has been enhanced to enable you to select from and add custom fields when creating and editing parsers. |