Exabeam Cloud PlatformAuto Parser Generator

Download PDF

Table of Contents

Edit a Custom Parser in Auto Parser Generator

Edit an existing parser you created or finish an incomplete parser you're working on.

If you leave while creating a parser, the incomplete parser appears in the list of parsers with an In Progress status. Edit the parser to resume your work. When you're creating or editing a parser, Auto Parser Generator saves your progress after each step and after you change anything.

  1. For the parser you're editing, click the More The more options menu; three vertical grey dots on a white background. menu, then select Edit.

  2. If you imported a parser, import sample logs that represent the type of information Advanced Analytics typically ingests. These sample logs ensure that you create a parser that properly extracts this information.

    • To select a log file from your file system, select Add a file, then drag and drop a file or click Select a File. You may upload a .gz or .tgz file that is no more than 100 MB.

    • To copy and paste logs, select Copy and paste raw logs, then paste the content into the text box. You may enter up to 100 lines.

    Click Find Matching Parsers.

  3. Change the parser's conditions, associated vendor and product, event type, event type fields, name, time format, or associated log management system, then click Next until you reach the last step.

  4. Before the Analytics Engine can use your updated parser, you must install the parser and event builder onto your environment:

    1. To download the parser and event builder, click DOWNLOAD ZIP.

    2. Install the parser and event builder:

      • If you have Advanced Analytics i54 or later, upload the file to Advanced Analytics settings.Upload a Content Package

      • If you have Advanced Analytics i53 or earlier, use Content Installer to install the parser and event builder.Content InstallerInstall Security Content Using Content Installer

    3. Click Finish.