Parser Template

Use this template to create a correctly defined parser.

name: template
tests: []
$schema: https://schemas.humio.com/parser/v0.3.0
script: |
  // #region PREPARSE
  /************************************************************
  ****** Parse timestamp and log headers
  ****** Extract message field for parsing
  ****** Parse structured data
  ************************************************************/


  // #endregion

  // #region METADATA
  /************************************************************
  ****** Static Metadata Definitions
  ************************************************************/
  | ecs.version := "8.11.0"
  | Cps.version := "1.0.0"
  | Parser.version := "1.0.0"
  | Vendor := ""
  | event.module := ""
  | event.dataset := ""

  // #endregion

  // #region NORMALIZATION
  /************************************************************
  ****** Parse unstructured data (i.e. message field)
  ****** Normalize fields to data model
  ************************************************************/


  // #endregion

  // #region POST-NORMALIZATION
  /************************************************************
  ****** Post Normalization
  ****** Custom parser logic needed after normalization
  ************************************************************/


  // #endregion

tagFields:
- Cps.version
- Vendor
- ecs.version
- event.dataset
- event.kind
- event.module
- event.outcome
- observer.type

Completed Parsers

Click on the links below to download completed parsers.

• AWS CloudTrail
• AWS RDS MySQL
• AWS WAF
• Zscaler Deception