- Exabeam Auto Parser Generator
- Create a Custom Parser Using Auto Parser Generator
- Duplicate a Parser Using Auto Parser Generator
- Import a Custom Parser Into Auto Parser Generator
- Edit a Custom Parser in Auto Parser Generator
- Delete a Custom Parser In Auto Parser Generator
- Tokenize Non-Standard Log Files
- Event Types in Custom Parsers
- What's New in Auto Parser Generator
Edit a Custom Parser in Auto Parser Generator
Use these instructions to edit an existing custom parser, or to finish an incomplete parser you are working on.
If you leave while creating a parser, the incomplete parser appears in the list of parsers with a Draft status. Edit the parser to resume your work. When you're creating or editing a parser, Auto Parser Generator saves your progress after each step and after you change anything.
On the Parsers page, click the
menu on the custom parser you wish to edit, and then select Edit.If you imported a parser, import sample logs that represent the type of information Advanced Analytics typically ingests. These sample logs ensure that you create a parser that properly extracts this information.
To select a log file from your file system, select Add a file, then drag and drop a file or click Select a File. You may upload a
.gzor.tgzfile that is no more than 100 MB.To copy and paste logs, select Copy and paste raw logs, then paste the content into the text box. You may enter up to 100 lines.
Click Find Matching Parsers.
Change the parser's conditions, associated vendor and product, event type, event type fields, name, time format, or associated log management system, then click Next until you reach the last step.
To download the parser and event builder, click Download Zip.
Note
You will need this download file to install the custom parser onto your Advanced Analytics and/or Data Lake environments.
Click Finish and Close.