Log Stream in Platform Notifications
Notifications about changes to the status and availability of parser packages are displayed in the Exabeam Security Operations Platform notification service. To view these Platform notifications, click the notifications icon in the top right corner of any window in the Platform application. The Your Notifications pane is displayed.
Note
Notifications are generated within 10 minutes of a parser package installation or removal.
By default, Log Stream notifications are generated when a parser package is installed, uninstalled, or becomes available. Depending on which notifications you want to see in the Your Notifications pane, you can choose to keep notifications for Log Stream turned on or decide to turn them off.
To manage your notifications:
1. Log in to the Exabeam Security Operations Platform and click the Notifications icon in the top right corner. The notification pane opens.
2. Click the Settings icon to open the Preferences Notification page.
3. Scroll to the Security Management section and locate the Log Stream options.
4. You can toggle any of the following notifications on or off:
   - Parser Package Installed
   - Parser Package Uninstalled
   - Parser Package Available
By default, these notifications are received in the application, but you can also opt to receive them via email. For more information, see Manage Notification Preferences.
To configure group notification delivery via Teams, Slack, or web hooks, see Manage Global Notification Preferences.