Parser List
All parsers currently active in the pipeline, both custom and default Exabeam parsers, are listed at the bottom of the Log Stream home page, on the Parsers Overview tab.
At the top of this list there are several options that allow you to quickly narrow down the parser list.
Note
The total number of parsers in the list is shown next to the gear icon. This number changes as you filter the parsers.
Click the gear icon to group the parsers by vendor.
Enter a simple text search in the search bar.
Click Reorder to change the order in which the custom parsers will be applied to the data.
Click Import to import a parser.
Click Export to export all parsers and event builders.
Click +New Parser to create a new custom parser.
Use the column headings in the parser list to sort the parsers. The parsers can also be filtered by TYPE, VENDOR, PRODUCT, EVENT, PARSER CALIBRATION TIER, STATUS, and HEALTH.
Use the menu at the end of each row to View Details, Edit, Duplicate, Disable, Enable, Customize, View logs in Live Tail, Delete, or Export a particular parser.
Note
For custom parsers, Disable and Enable will only show on the menu of completed parsers.