- Log Stream Overview
- Parser Manager
- Parsers Overview
- View Parser Details
- Create a Custom Parser
- Import Sample Logs
- Define a Subset of the Sample Logs
- Add Conditions
- Add Basic Parser Information
- Extract Event Fields
- Extract Mapped JSON Fields
- Select JSON Fields from a List of Key/Value Pairs
- Select Tokenized JSON Fields from the Values in the Sample Log
- Manually Enter JSON Path Expressions
- Reorder Mapped JSON Fields
- Review the Matching JSON Fields and Values
- Add Logic to JSON Field Extraction
- Expressions for Parser Field Extractions and Enrichment Mapping
- Array Log Sample
- Extract Fields Using Regular Expressions
- Reserved Fields
- Extract Mapped JSON Fields
- Add Event Builder Rules
- Review and Save Parser
- Manage Existing Custom Parsers
- Tokenize Non-Standard Log Files
- Customize a Default Parser
- Duplicate a Parser
- Enable or Disable Parsers
- Parser Updates
- Live Tail
- Enrichments
- Event Filtering
Parser Types
Exabeam categorizes parsers in Log Stream by type, according to where they originated and how they can be handled. These parser type categories are useful for filtering a list of parsers when you are looking for a specific individual parser or set of parsers. Log Stream parser types include the following:
Default Parsers – These are pre-built Exabeam parsers. Exabeam delivers updates to these parsers via Content Packages. You cannot modify these parsers but you can customize them.
Custom Parsers – These are parsers that have been created in, or imported into, your Log Stream environment. You have full control to modify or delete them.
Customized Default Parsers – These are default parsers that you have customized in Log Stream by using the Customize option to add new fields or event builders. When Exabeam pushes updates to the parser via a new Content Package, your customizations are retained. You can modify but not delete these parsers. - Custom Default Parsers – As of February, 2026, this specific categorization of customized parsers has been discontinued. This category has been removed in favor of a simpler, more consistent approach to handling default parsers that have been customized.