Parsers

A parser declaration takes an original event or a specific field of a partially parsed event as input, analyzes its individual parts, and stores them as key-value pairs to the event.

LogMan.io Parsec currently supports these types of parser declarations:

• Parser-combinator
• JSON parser
• XML parser
• Windows Event parser
• Stashing parser

Declaration

In order to determine the type of the declaration, you need to specify a define section.

define:
    type: parsec/parser/<declaration_type>