parse using public/ ?
Where can I find a list of all "public/" pre-defined parsers? I've been able to find /apache, /iis, /windows. But are there more? And where are these three already defined? What if I want to change them? Or add more?
-
Hi Michael,
We have deprecated these public parsers with a view to extending/improving them. Some of them might still be working. However, we would like to actually point you towards the use of Field Extraction rules, which will pre-parse the data in your log messages on ingest and is what we are suggesting moving forward. This significantly improves the speed at query time and also allows users to see the fields immediately as part of the field browser. Most of the public parsers have been converted to Field Extraction templates that can be used during Field Extraction creation. More help on Field Extraction can be found through the following additional links.
Field Extraction: https://help.sumologic.com/Manage/Search_Optimization_Tools/Manage_Field_Extractions
Field Browser: https://help.sumologic.com/Search/Get_Started_with_Search/How_to_Use_the_Search_Page/Field_Browser
Hope this helps.