Import Sample Logs
Import sample logs that represent the type of information your system typically ingests, so you can create a parser that properly extracts this information.
In the Add Sample Log Lines section of the New Parser page, select sample logs to import:
To select a log file from your file system, select Add a file, then drag and drop a file or click Select a File and choose a file from your system to upload. The sample log file must be no more than 1,000 lines and no more than 250 KB. The file format must be .log, .txt, or .json.
To copy and paste logs, select Copy and paste raw log lines, then paste the content into the text box. You can enter up to 1,000 lines.
The Parser Manager matches your sample logs to the parser definitions installed on your instance. These are parsers created by Exabeam, and can include parsers added or updated more recently than the latest product release. It also uses other custom parsers you or other team members have created.
Click Find Matching Parsers.
A Matching Parsers section will appear at the bottom of the New Parser page.
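A pre-upload check for the sample-log limits stated in this procedure, with a helper that cuts a larger log down to a representative sample. This is an added example, not Exabeam code: the function names are hypothetical, "250 KB" is assumed to mean 250,000 bytes, and the log is assumed to hold one event per line.

```python
import os

MAX_LINES = 1000       # line limit stated on the page
MAX_BYTES = 250_000    # assumption: "250 KB" read conservatively as 250,000 bytes
ALLOWED_EXT = {".log", ".txt", ".json"}   # formats stated on the page


def check_sample(name: str, data: bytes) -> list:
    """Return the reasons an upload candidate breaks the limits ([] means OK)."""
    problems = []
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED_EXT:
        problems.append(f"extension {ext or '(none)'} is not .log, .txt or .json")
    n_lines = len(data.splitlines())
    if n_lines > MAX_LINES:
        problems.append(f"{n_lines} lines exceeds {MAX_LINES}")
    if len(data) > MAX_BYTES:
        problems.append(f"{len(data)} bytes exceeds {MAX_BYTES}")
    return problems


def build_sample(data: bytes, max_lines=MAX_LINES, max_bytes=MAX_BYTES) -> bytes:
    """Pick evenly spaced non-empty lines so the result fits both limits.

    Spreading the picks across the whole file keeps event types that only
    occur late in the log, which a plain `head -n 1000` would miss.
    Assumes one event per line (not a pretty-printed multi-line JSON document).
    """
    lines = [ln for ln in data.splitlines() if ln.strip()]
    count = min(len(lines), max_lines)
    while count > 0:
        step = len(lines) / count                      # >= 1, so indices are distinct
        picked = [lines[int(i * step)] for i in range(count)]
        out = b"\n".join(picked) + b"\n"
        if len(out) <= max_bytes:
            return out
        # Too large: shrink the line count in proportion to the overshoot.
        count = min(count - 1, int(count * max_bytes / len(out)))
    return b""   # no input lines, or a single line is already over the size limit


if __name__ == "__main__":
    # Constructed input: 5,000 fixed-width lines of 400 bytes each.
    raw = b"".join(b"%05d " % i + b"x" * 394 + b"\n" for i in range(5000))
    print(check_sample("firewall.csv", raw))
    sample = build_sample(raw)
    print(len(sample.splitlines()), "lines,", len(sample), "bytes",
          check_sample("firewall.log", sample))
```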