Parser Types
Exabeam categorizes parsers in Log Stream by type, according to where they originated and how they can be handled. These parser type categories are useful for filtering a list of parsers when you are looking for a specific individual parser or set of parsers. Log Stream parser types include the following:
Default Parsers – These are pre-built Exabeam parsers. Exabeam delivers updates to these parsers via Content Packages. You cannot modify these parsers but you can customize them.
Customized Default Parsers – These are default parsers that you have customized in Log Stream by using the Edit Parser options to add new fields or event builders. When Exabeam pushes updates to the parser via a new Content Package, your customizations are retained. You can modify or delete these parsers.
Custom Parsers – These are parsers that have been created in, or imported into, your Log Stream environment. You have full control over updating or deleting them.
Custom Default Parsers – These are a specific set of customized parsers that were migrated from Advanced Analytics. The parsers in this category were created for your Advanced Analytics environment when none of the existing parsers could parse a particular set of logs. When they are migrated to Log Stream, they are treated like default parsers with one exception: Exabeam does not deliver updates to these parsers. You cannot modify these parsers but you can customize them.
The Custom Default categorization ensures that no existing parser with the same name is overwritten during the migration to Log Stream. It also indicates that the parser came from a previous deployment.