ParserRules Tab
This tab contains details about the rules for the default logparser, as well as any other custom rules and logparsers that have been defined.
To access this tab, go to (C...
LogParser CustomizationLog Parser Customization
Note: The JSON Mapping information in this guide applies to NetWitness Version 11.5 and later.
You use the LogParserRules view (available from t...
...bility to create custom rules for logparsers. You can create rules to change how meta values are parsed for a particular logparser. Prior to version 11.2, you could only view the out-of-the-box logparser...
Appendix B: Move LogParsers to ProductionAppendix B: Move LogParsers to Production
You may have a development or test environment where you work on new and updated logparsers and logparserrules...
...Issue
Logparserrules created as per Documentation. However, the messages required parsing is not working.
Cause
There are two use cases for dynamic parsing with the current s...
...
Issue
When trying to deploy LogParserRules to Log decoders. It throws "failed deploying rules to some Log Decoders for logparser" error as below. Image description Below log r...
Documentation Link: Log Parsing Customization Guide for RSA NetWitness Platform 11.x - Table of Contents This video covers the building of a logparser using the LogParserRules...
Default LogParser and LogParserRules
Note: The information in this topic applies to NetWitness Version 11.1 and later.
This tab displays information about pattern matching and rules for the parser...
...You can add a logparser to extend the functionality for an existing parser. For example, if you have some unknown messages for the Cisco Pix parser, you could add rules to match your unknowns.
I...
