Parsers

Table of contents
  1. Event Parser Configuration

Fluency treats each device integration or feed as a logical "event stream", and each event stream should be associated with the correct parser. Because event processing is done on the server side, this configuration is done only once, on the server, for each distinct event type.

Refer to the Supported Devices list for the devices currently supported. Fluency's event parser uses open-source Grok patterns, so if your device is not supported, a new parser can be added on request.
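To make the Grok remark concrete, the following is an added example (not Fluency's parser code and not the project's own implementation) of how a Grok pattern is expanded into a regular expression and applied to a log line. The pattern library here is a constructed, simplified subset of the open-source Grok definitions, the `SSH_PATTERN`/`SSH_LINE` values are constructed sample data, and the function names are this example's own.

```python
import re
from typing import Dict, Optional

# Constructed subset of the open-source Grok pattern library. The real
# library defines hundreds of names; these are simplified copies of the
# handful this example needs.
GROK_PATTERNS: Dict[str, str] = {
    "INT": r"[+-]?[0-9]+",
    "WORD": r"\b\w+\b",
    "IPV4": r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}"
            r"(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)",
    "IP": r"%{IPV4}",  # a pattern may reference another pattern
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +[0-9]{1,2} [0-9]{2}:[0-9]{2}:[0-9]{2}",
    "GREEDYDATA": r".*",
}

# Matches %{NAME} or %{NAME:field} inside a Grok pattern.
_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_grok(pattern: str, library: Dict[str, str] = GROK_PATTERNS) -> "re.Pattern":
    """Expand every %{NAME[:field]} reference, recursively, into one regex.

    %{NAME:field} becomes a named capture group (?P<field>...);
    %{NAME} without a field becomes a non-capturing group.
    """
    def expand(p: str, depth: int) -> str:
        if depth > 32:
            raise ValueError("grok pattern nesting too deep (self-referencing pattern?)")

        def sub(m: "re.Match") -> str:
            name, fld = m.group(1), m.group(2)
            if name not in library:
                raise KeyError(f"unknown grok pattern %{{{name}}}")
            inner = expand(library[name], depth + 1)
            return f"(?P<{fld}>{inner})" if fld else f"(?:{inner})"

        return _REF.sub(sub, p)

    return re.compile(expand(pattern, 0))


def grok(pattern: str, line: str) -> Optional[Dict[str, str]]:
    """Apply a Grok pattern to one log line; return the named fields, or None.

    Like Logstash grok, the pattern is unanchored (search, not a full match),
    so add ^ and $ to the pattern when the whole line must be consumed.
    """
    m = compile_grok(pattern).search(line)
    return m.groupdict() if m else None


# Constructed sample pattern and line (not real captures).
SSH_PATTERN = (r"%{SYSLOGTIMESTAMP:ts} %{WORD:host} sshd\[%{INT:pid}\]: "
               r"Failed password for %{WORD:user} from %{IP:src_ip} port %{INT:port}")
SSH_LINE = "Jan 14 10:23:01 bastion sshd[2241]: Failed password for root from 10.1.0.50 port 51234 ssh2"

if __name__ == "__main__":
    print(grok(SSH_PATTERN, SSH_LINE))
    # A line the pattern does not describe yields None rather than partial fields.
    print(grok(SSH_PATTERN, "Jan 14 10:23:02 bastion sshd[2241]: Accepted publickey for ops"))
```

The point for a parser author: each `%{NAME:field}` is just a named regex group, so a pattern that is too loose (a `GREEDYDATA` where an `IP` was meant) silently captures the wrong text, and an unanchored pattern will happily match in the middle of an unexpected line. Test new patterns against both a matching and a non-matching sample before attaching them to a stream.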

Event Parser Configuration

Log in to the Fluency Cloud portal: https://companyname.cloud.fluencysecurity.com.

Open the main dropdown menu and choose the Event Parsers option under the Data Ingress section.

The event processing configuration page is shown below.

The Event Stream Configuration offers two stream locations: "input to be processed" and "data to be discarded". In the figure above, all event pipes are attached to the input stream. To view or change the stream, click the pencil icon to edit an existing event processing rule, or the "+ ADD" icon to add a new one; in the pop-up window, click "Advanced" to open the "Stream Location" drop-down menu.

Next, define a list of match fields on the "@sender", "@source", "@tags", "@group" and "@message" fields. An "Exclude" checkbox inverts a match result. An incoming event is selected only if every match evaluates to true, so multiple match fields are ANDed together. Here we create a rule that matches the "@sender" field against the IP address 10.1.0.50 (press Enter after typing the value).
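The selection semantics described above, written out as an added example (this is illustrative code, not Fluency's implementation). What the page states is modelled directly: the five match fields, the "Exclude" inversion, AND of all matches, and the two stream locations. Everything else is an assumption made for the example and marked as such in the code: that Exclude applies per match field, the comparison type used for each field (IP or CIDR for "@sender", membership for "@tags", substring for "@message", exact text for "@source" and "@group"), first-matching-rule-wins ordering, and that unmatched events stay on the input stream. The rules and events are constructed sample data.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class MatchField:
    """One match condition of an event stream rule."""
    name: str              # "@sender", "@source", "@tags", "@group" or "@message"
    value: str
    exclude: bool = False  # the "Exclude" checkbox: invert this match's result (per-field is an assumption)


@dataclass
class StreamRule:
    name: str
    stream: str                                       # "input" (to be processed) or "discard"
    matches: List[MatchField] = field(default_factory=list)


def _field_hit(event: Dict[str, object], mf: MatchField) -> bool:
    """Evaluate a single match field.

    The comparison type per field is an assumption for this example, not
    documented Fluency behaviour.
    """
    actual = event.get(mf.name)
    if actual is None:
        hit = False
    elif mf.name == "@sender":
        # Accept an exact IP or a CIDR block; a non-IP value falls back to exact text.
        try:
            hit = ipaddress.ip_address(str(actual)) in ipaddress.ip_network(mf.value, strict=False)
        except ValueError:
            hit = str(actual) == mf.value
    elif mf.name == "@tags":
        hit = mf.value in actual           # tag membership
    elif mf.name == "@message":
        hit = mf.value in str(actual)      # substring of the raw message
    else:                                  # "@source", "@group": exact text
        hit = str(actual) == mf.value
    return (not hit) if mf.exclude else hit


def rule_selects(event: Dict[str, object], rule: StreamRule) -> bool:
    """All match fields must be true (AND), as the page states.

    Caveat: a rule with no match fields selects every event, because all()
    of an empty sequence is True. Check for this before saving a rule that
    sends its stream to "discard".
    """
    return all(_field_hit(event, mf) for mf in rule.matches)


def route(event: Dict[str, object], rules: List[StreamRule]) -> str:
    """Return the stream an event lands on.

    First matching rule wins and unmatched events stay on the input
    stream; both are assumptions of this example.
    """
    for rule in rules:
        if rule_selects(event, rule):
            return rule.stream
    return "input"


# Constructed rules: drop DEBUG chatter from the firewall, keep the rest of
# its traffic, and discard anything not tagged with the "prod" group.
RULES = [
    StreamRule("drop-fw-debug", "discard",
               [MatchField("@sender", "10.1.0.50"), MatchField("@message", "DEBUG")]),
    StreamRule("firewall", "input", [MatchField("@sender", "10.1.0.50")]),
    StreamRule("drop-non-prod", "discard", [MatchField("@group", "prod", exclude=True)]),
]

# Constructed events (not real log data).
EVENTS = [
    {"@sender": "10.1.0.50", "@group": "prod", "@tags": ["fw"], "@message": "DEBUG heartbeat ok"},
    {"@sender": "10.1.0.50", "@group": "prod", "@tags": ["fw"], "@message": "deny tcp 10.1.0.9 -> 8.8.8.8:53"},
    {"@sender": "10.1.0.51", "@group": "lab",  "@tags": ["test"], "@message": "user login"},
    {"@sender": "10.1.0.51", "@group": "prod", "@tags": ["app"], "@message": "user login"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["@sender"], ev["@group"], "->", route(ev, RULES))
```

Two things worth checking in a real configuration follow directly from this model: rule order decides which stream an event takes when more than one rule selects it, and an Exclude match on a field the event does not carry evaluates to true (the field is missing, so the inverted "no hit" selects the event), which can pull unexpected sources into a discard rule.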

The next section is "Event filters", where one or more predefined filters can be applied to the selected events by clicking "Filter Selection". The drop-down menu is shown below:

Event Stream Lambdas are an advanced feature. The drop-down menu is shown below:

Page last updated: 2023 Aug 14