Enrichments
The Enrichments tab in the Log Stream application lets you manage the enrichment rules that are applied automatically to enrich parsed event logs with contextual data.
Note
The Enrichments tab in Log Stream is available with the following New-Scale licenses: New-Scale SIEM, New-Scale Fusion, and New-Scale Analytics.
The Enrichments tab offers the following types of information about the available enrichment rules:
Charts – Usage data is visualized in the form of charts that show status health and activity levels for the enrichment rules in your environment.
Table – A table lists all of the enrichment rules available in your environment. Lifecycle metrics are provided for each rule, such as when it was created, updated, and used. You can enable, disable, or export each enrichment rule in the list. You can also view and edit the configuration details for a specific rule. New rules can be added by importing them from other environments or by creating custom rules using the New Enrichment button.
For more information about enrichment rules, see the following sections: