Parser Types
Exabeam categorizes parsers in Log Stream by type, according to where they originated and how they can be handled. These parser type categories are useful for filtering a list of parsers when you are looking for a specific individual parser or set of parsers. Log Stream parser types include the following:
Default Parsers – These are pre-built Exabeam parsers. Exabeam delivers updates to these parsers via Content Packages. You cannot modify these parsers but you can customize them.
Customized Default Parsers – These are default parsers that you have customized in Log Stream by using the Edit Parser options to add new fields or event builders. When Exabeam pushes updates to the parser via a new Content Package, your customizations are retained. You can modify or delete these parsers. 
Custom Parsers – These are parsers that have been created in, or imported into, your Log Stream environment. You have full control over updating or deleting them.- Custom Default Parsers – These are a specific set of customized parsers that were migrated from Advanced Analytics. The parsers in this category were created for your Advanced Analytics environment when none of the existing parsers could parse a particular set of logs. When they are migrated to Log Stream, they are treated like default parsers with one exception: Exabeam does not deliver updates to these parsers. You cannot modify these parsers but you can customize them.
The Custom Default categorization ensures that no existing parser with the same name is overwritten during the migration to Log Stream. It also indicates that the parser came from a previous deployment.