Documentation - Exabeam Auto Parser Generator
- Create a Custom Parser Using Auto Parser Generator
- Prerequisites
- 1. Import sample logs
- 2. Determine a subset of the sample logs for which to create a parser
- 3. Add conditions
- 4. Identify the log vendor and product
- 5. Select an event type
- 6. Map event type fields to log values
- 7. Enter general information about the parser
- 8. Review the parser
- 9. Install the parser and event builder
- Duplicate a Custom Parser Using Auto Parser Generator
- Edit a Custom Parser in Auto Parser Generator
- Delete a Custom Parser In Auto Parser Generator
- What's New in Auto Parser Generator
Edit a Custom Parser in Auto Parser Generator
Edit an existing parser you created or finish an incomplete parser you're working on.
If you leave while creating a parser, the incomplete parser appears in the list of parsers with an In Progress status. Edit the parser to resume your work. When you're creating or editing a parser, Auto Parser Generator saves your progress after each step and after you change anything.
For the parser you're editing, click the More
menu, then select Edit.Change the parser's conditions, associated vendor and product, event type, event type fields, name, time format, or associated log management system, then click Next until you reach the last step.
Before the Analytics Engine can use your updated parser, you must install the parser and event builder onto your environment:
To download the parser and event builder, click DOWNLOAD ZIP.
Install the parser and event builder:
If you have Advanced Analytics i54 or later, upload the file to Advanced Analytics settings.
If you have Advanced Analytics i53 or earlier, use Content Installer to install the parser and event builder.
Click Finish.