Standard Enricher¶

Standard Enricher enriches the parsed event with additional fields. The enrichment takes place after one of the cascade parsers within the parsing group successfully matched and parsed the original input.

Example¶

---
define:
  name: Example of standard enricher
  type: enricher/standard
  field_alias: field_alias.default

enrich:
  - !DICT
    with: !EVENT
    set:
      myEnrichedField:
        !LOWER
        what: "You Have Been Enriched"

Section `define`¶

This section contains the common definition and meta data.

Item `name`¶

Shorter human-readable name of the enricher's declaration.

Item `type`¶

The type of this declaration, must be enricher/standard.

Item `field_alias`¶

Name of the field alias lookup to be loaded, so that alias names of event attributes can be used in the declaration alongside their canonical names.

Item `description` (optional)¶

Longed, possibly multiline, human-readable description of the declaration.

Section `enrich`¶

This section specifies the actual enrichment of the incoming event. It expects a dictionary to be returned.

Typical statements in `enrich` section¶

!DICT statement allows to add fields / attributes to the already parsed event

Standard Enricher¶

Example¶

Section define¶

Item name¶

Item type¶

Item field_alias¶

Item description (optional)¶

Section enrich¶

Typical statements in enrich section¶