FieldExtractors

JSON representation
FieldExtractor
- JSON representation
ComparisonOperator
LogFormat
PreProcessConfig
- JSON representation

A representation of a parser extension as a set of field extractors.

JSON representation

JSON representation
{ "extractors": [ { object (`FieldExtractor`) } ], "transformedCbnSnippet": string, "logFormat": enum (`LogFormat`), "appendRepeatedFields": boolean, "preprocessConfig": { object (`PreProcessConfig`) } }

{
  "extractors": [
    {
      object (FieldExtractor)
    }
  ],
  "transformedCbnSnippet": string,
  "logFormat": enum (LogFormat),
  "appendRepeatedFields": boolean,
  "preprocessConfig": {
    object (PreProcessConfig)
  }
}

Fields
`extractors[]`	`object (FieldExtractor)` List of FieldExtractors.
`transformedCbnSnippet`	`string (bytes format)` Output only. CBN snippet generated from field extractors. A base64-encoded string.
`logFormat`	`enum (LogFormat)` Format of the log. Ex. CSV,JSON,XML.
`appendRepeatedFields`	`boolean` Whether to append repeated fields or not. When false, repeated fields will be replaced.
`preprocessConfig`	`object (PreProcessConfig)` Pre-process configuration.

FieldExtractor

An extractor for a single log field.

JSON representation
{ "preconditionPath": string, "preconditionValue": string, "preconditionOp": enum (`ComparisonOperator`), "fieldPath": string, "destinationPath": string, "value": string }

Fields
`preconditionPath`	`string` Precondition path could be a json path, xml path or csv column name depending on log format. It refers to a section or substring in raw log.
`preconditionValue`	`string` Precondition value.
`preconditionOp`	`enum (ComparisonOperator)` Operator used for precondition.
`fieldPath`	`string` Field path could be a json path, xml path or csv column name depending on log format. It refers to a section or substring in raw log. This is required if the FieldExtractor is used to specify the parser extension.
`destinationPath`	`string` Path in generated event which is to be populated. This is required if the FieldExtractor is used to specify the parser extension.
`value`	`string` Value to be mapped to the destination path directly.

ComparisonOperator

Comparison operator used in precondition field.

Enums
`COMPARISON_OPERATOR_UNSPECIFIED`	Comparison operator was unspecified.
`EQUALS`	Comparison operator is equals "==".
`NOT_EQUALS`	Comparison operator is not equals.

LogFormat

Log format of the raw log. valid log formats are JSON, XML and CSV.

Enums
`LOG_FORMAT_UNSPECIFIED`	Log format was unspecified.
`JSON`	Log format was JSON.
`CSV`	Log format was CSV.
`XML`	Log format was XML.

PreProcessConfig

PreProcessConfig holds the GROK expression to extract the syslog header.

JSON representation
{ "grokRegex": string, "target": string }

Fields

Fields
`grokRegex`	`string` GROK Regex to extract the structured part of the log. syntax documentation: www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
`target`	`string` Target field name for the structured part of the log. This should match a SEMANTIC identifier from the grok expression.

grokRegex

string

GROK Regex to extract the structured part of the log. syntax documentation: www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

target