CRIBL - Parser Libraries
Hi all, this is my first post on this forum, so hello. We have just begun to use CRIBL and I am still in a learning phase. I am wondering if there are more parsers that can be added to the library or whether you have to create them yourself? As an example, I have a CRIBL instance that is receiving JSON data from another CRIBL instance (with the data having been prebaked for Splunk) for a Cisco ASA log. The content of the log entry is in either the raw or Message field and I would like to extract it into key-value pairs. I have tried some of the functions, but it looks like I have to do custom regex (and I am not good with regex).
Best Answer
Hi Draco3,
You can certainly add your own parsers under Knowledge. You would have to create them yourself based on the format of the logs.
For more prebuilt content I would check out our Packs! https://packs.cribl.io/
There is a pack for Cisco ASA that has some regexes already made. If you'd like, I can also help you write a regex to extract whatever you'd like.
0
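To show what the regex-based extraction the answer offers looks like in practice, here is an added example; it is not the answerer's code, not Cribl's built-in Parser function and not the Cisco ASA pack. Cribl Stream pipeline functions evaluate JavaScript, so the same regexes and field logic carry over to an Eval or Code function. It reads the ASA text from an event's `_raw` or `Message` field (the two locations named in the question) and returns header fields plus source/destination key-value pairs. The regexes, field names and sample messages are constructed for the example and assume the common `%ASA-<severity>-<id>: <body>` shape with `from ... to ...` or `src ... dst ...` endpoints; check them against the message IDs actually present in your feed.

```javascript
// Added example (not Cribl's code or the Cisco ASA pack): turn a Cisco ASA
// syslog message carried in a JSON event's `_raw` or `Message` field into
// key/value fields. Regexes, field names and sample data are constructed.

// Header shape assumed here: %ASA-<severity>-<6-digit message id>: <body>
const ASA_HEADER = /%ASA-(\d)-(\d{6}):\s*(.*)$/;

// Endpoints: "<from|for|src> [iface:]ip/port [(mapped ip/port)] <to|dst> [iface:]ip/port"
const IP = String.raw`(\d{1,3}(?:\.\d{1,3}){3})`;
const ENDPOINTS = new RegExp(
  String.raw`\b(?:from|for|src)\s+(?:(\w+):)?${IP}\/(\d+)(?:\s*\([^)]*\))?\s+(?:to|dst)\s+(?:(\w+):)?${IP}\/(\d+)`
);
const PROTO = /\b(tcp|udp|icmp)\b/i;

// Parse one ASA message body; returns null when the header does not match,
// so non-ASA events can be passed through untouched.
function parseAsaMessage(msg) {
  const h = ASA_HEADER.exec(msg);
  if (!h) return null;
  const body = h[3];
  const fields = {
    severity: Number(h[1]),
    message_id: h[2],
    action: body.split(/\s+/)[0], // Built / Deny / Teardown ...
  };
  const p = PROTO.exec(body);
  if (p) fields.protocol = p[1].toUpperCase();
  const e = ENDPOINTS.exec(body);
  if (e) {
    if (e[1]) fields.src_interface = e[1];
    fields.src_ip = e[2];
    fields.src_port = Number(e[3]);
    if (e[4]) fields.dest_interface = e[4];
    fields.dest_ip = e[5];
    fields.dest_port = Number(e[6]);
  }
  return fields;
}

// Cribl-style event object: the ASA text sits in `_raw` or, failing that, `Message`.
// Extracted fields are merged onto the event; the original text is kept.
function enrichEvent(event) {
  const text = event._raw ?? event.Message;
  const parsed = typeof text === 'string' ? parseAsaMessage(text) : null;
  return parsed ? { ...event, ...parsed } : event;
}

// Constructed sample events using documentation address ranges.
const SAMPLE_EVENTS = [
  { host: 'fw1', _raw: '%ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:10.0.0.5/443 (10.0.0.5/443)' },
  { host: 'fw1', Message: '%ASA-4-106023: Deny udp src outside:198.51.100.7/53 dst inside:10.0.0.9/5353 by access-group "outside_in"' },
  { host: 'fw1', _raw: 'not an ASA line' },
];

for (const ev of SAMPLE_EVENTS) {
  console.log(JSON.stringify(enrichEvent(ev)));
}
```

The third sample shows the behaviour a pipeline needs for mixed feeds: an event whose text does not carry the ASA header is returned unchanged rather than half-populated. Message IDs outside the two shapes covered here (those without an IP/port pair, for example) only get the header fields, so the `message_id` field is also the natural key for deciding which further regexes to apply.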
Answers
If you paste an example of the log I can take a look at options of parsing it!
0