- Log Stream Overview
- Parser Manager
- Parsers Overview
- View Parser Details
- Create a Custom Parser
- Import Sample Logs
- Define a Subset of the Sample Logs
- Add Conditions
- Add Basic Parser Information
- Extract Event Fields
- Extract Mapped JSON Fields
- Select JSON Fields from a List of Key/Value Pairs
- Select Tokenized JSON Fields from the Values in the Sample Log
- Manually Enter JSON Path Expressions
- Reorder Mapped JSON Fields
- Review the Matching JSON Fields and Values
- Add Logic to JSON Field Extraction
- Expressions for Extraction Conditions
- Array Log Sample
- Extract Fields Using Regular Expressions
- Extract Mapped JSON Fields
- Add Event Builder Rules
- Review and Save Parser
- Manage Existing Custom Parsers
- Tokenize Non-Standard Log Files
- Customize a Default Parser
- Duplicate a Parser
- Enable or Disable Parsers
- Live Tail
PrevNext
Live Tail
Live Tail within the Log Stream application offers comprehensive visibility into the ingestion and processing of data. It also provides insights into state changes related to log volumes, processing latency, and analysis status.
Live Tail allows you to monitor data arriving in the Exabeam cloud from all collectors, ensuring the appropriate logs are being received, processed, categorized, and enriched correctly.
By sampling incoming logs in real-time, Live Tail provides immediate insights into data processing, enabling you to fine-tune parsers as necessary for optimal performance.
Note
Live Tail does not show all data, and should not be considered a replacement of Search in the Exabeam Security Operations Platform.