Exabeam Cloud PlatformAuto Parser Generator

Table of Contents

What's New in Auto Parser Generator

March 31, 2021

New

  • You can view all default, out-of-the-box parsers and select one to duplicate. Consider duplicating a default parser to modify a faulty parser or use the parser as a helpful starting point.

  • You can import an existing parser, or multiple existing parsers, into Auto Parser Generator to view and manage all your parsers in one place.

  • When you generate JRegex pattern for event type fields, you can reorder your JRegex patterns to ensure that your parser prioritizes and parses the correct log values.

  • You can enter a JRegex pattern that extracts multiple fields. Consider creating pattern like this if your log values are concatenated; your logs aren't formatted in key-value pairs, so you're identifying values based on location; or your parser covers multiple, slightly different log formats.

  • When you enter JRegex patterns for event type fields, you see all extended and informational fields for the event type you select. Although extended and informational field are optional, it's best to enter a JRegex pattern for these fields because they help process and display an event.

Improved

Performance and stability improvements.

Fixed

Minor bugs and UI issues.

Known Issues

There are no known issues in this release.

January 13, 2021

New

  • If you leave while creating a parser, Auto Parser Generator automatically saves your progress. Edit the incomplete parser to pick up where you left off.

  • When you map event type fields to log values, quickly view if a JRegex pattern has extracted a specific log value. Under Extraction Preview, search for that log value using Filter by value.

Improved

  • After uploading sample logs, under each matching parser, you see a sample of what the parser extracted so you quickly identify any missing fields it couldn't extract.

  • If you upload a comma-separated value (CSV) file, you see better suggestions when selecting values.

  • Minor performance improvements.

  • You see Auto Parser Generator's progress when it performs time-consuming tasks, like parsing large logs.

Fixed

Minor UI issues.

Known Issues

There are no known issues in this release.

December 12, 2020

New

  • You can write case-insensitive JRegex patterns. If you add (?i) to the beginning of your pattern, Auto Parser Generator disregards case when extracting log values.

Improved

  • When you map event field types to log values, you see more accurate suggestions for token and keys.

  • When selecting time formats, you see more accurate suggestions.

  • When you create a parser for the first time, you see more helpful messages about some steps.

  • Performance and stability improvements.

Fixed

If you used an unsupported browser, Auto Parser Generator occasionally crashed. Now, if you use an unsupported browser, you see a list of supported browsers and compatible versions. You can't use Auto Parser Generator on an unsupported browser.

Known Issues

There are no known issues in this release.

November 17, 2020

New

  • When you select conditions in your sample logs, you see the logs the parser does and doesn't match.

  • You can directly upload parsers and event builders you created in Auto Parser Generator to Advanced Analytics.Upload a Content Package

Improved

  • Auto Parser Generator is more responsive and processes your logs more quickly because we optimized the information stored on your browser.

  • When you map event type fields to log values, you see better suggestions for keys.

Fixed

  • When you created, edited, or duplicated a parser using certain sample logs, you didn't see the correct event types suggested. This issue has been resolved.

  • If you generated two JRegex patterns for the same field, the extracted values were incorrectly displayed under Extraction Preview. This issue has been resolved.

  • When you select a vendor and product, the vendor and product lists disappeared in some cases. This issue has been resolved.

  • When you selected an event type on the Choose Event step, the screen blinked. This issue has been resolved.

  • For some time formats, you didn't see any relevant suggestions. This issue has been solved.

Known Issues

There are no known issues in this release.