Documentation - Exabeam Auto Parser Generator
- Create a Custom Parser Using Auto Parser Generator
- Prerequisites
- 1. Import sample logs
- 2. Determine a subset of the sample logs for which to create a parser
- 3. Add conditions
- 4. Identify the log vendor and product
- 5. Select an event type
- 6. Map event type fields to log values
- 7. Enter general information about the parser
- 8. Review the parser
- 9. Install the parser and event builder
- Duplicate a Custom Parser Using Auto Parser Generator
- Edit a Custom Parser in Auto Parser Generator
- Delete a Custom Parser In Auto Parser Generator
- What's New in Auto Parser Generator
Duplicate a Custom Parser Using Auto Parser Generator
Create a new parser that builds on an existing custom parser you created using Auto Parser Generator.
Feel free to pause your work at any time. Auto Parser Generator saves your progress after each step and after you change anything. If you leave while creating a parser, the incomplete parser appears in the list of parsers with an In Progress status. To pick up where you left off, edit the parser.
For an existing parser, click the More
menu, then select Duplicate.Change the parser's conditions, associated vendor and product, event type, event type fields, name, time format, or associated log management system, then click Next until you reach the last step.
Before the Analytics Engine can use your parser, you must install the parser and event builder onto your environment:
To download the parser and event builder, click DOWNLOAD ZIP.
Install the parser and event builder:
If you have Advanced Analytics i54 or later, upload the file to Advanced Analytics settings.
If you have Advanced Analytics i53 or earlier, use Content Installer to install the parser and event builder.
Click Finish.