This topic provides a description of the configurable options for a Log Decoder in the Parsers Mappings tab.
In the Parsers Mappings tab, Administrators can configure log parser mappings for Log Decoder services. This feature is intended to track a subset of of Event Sources that is parsing against the wrong parser. The Parser Mappings tab must be enabled before you can see it in the Services Config view.
Procedures associated with the Parser Mappings tab are provided in (For 10.5.1.1 or later) Access Parser Mappings.
To access this tab:
- In the Security Analytics menu, select Administration > Services.
- Select a service and >View > Config.
The Config view for the selected service is displayed.
- Click the Parsers Mapping tab.
This is an example of the tab.
The Parser Grid lists all parsers that are currently mapped on the Log Decoder. The Parser Tab Toolbar has options to work with parser mappings in the grid.
Parser Mappings Toolbar
The Parser Mappings Toolbar has options to work with parser mappings in the grid.
|Add a parser mapping.|
|Delete the selected parser mapping.|
|Edit a parser mapping.|
|Refresh the list of parser mappings.|
|Display the Actions menu. |
Parser Mappings Grid
The Parser Mappings grid lists all parsers that are currently mapped on the Log Decoder.
|Host||Displays the IP address of the host.|
|Event Source|| |
Displays the Event Sources that are parsing incorrectly.