The Manage Parser Mappings dialog allows you to map the appropriate parsers for selected Event Source addresses. From the Details view, select the Map button.
This workflow shows the overall process for configuring event sources.
*You can perform this task here.
Displays all the available parsers that you can map based on the event sources that you selected from the Discovery view. Also displays the mappings that are already present in the Log Decoders for the selected event source or the parsers that have been discovered.
To filter your available parsers, type the first few letters of the parser name that you want to map.
You need to select parsers before the Add toMapping button is enabled.
Add the selected parser by clicking the Add to Mapping button in the right panel.
Displays the names of the selected parsers that you want to map.
Click Save to save your mappings to all the Log Decoders. A pop-up message informs you that your mappings are successfully saved. When the window is closed, the banner on the Details tab is updated to reflect the status. If mapped, the text displayed is Mapped.
When mapping multiple device types from the same event source, assign the highest priority to the strictest log parser. Conversely, a log parser with generic headers should be lowest in priority. The CEF log parser is an example of a strict log parser.
Mapping configurations with the Log Collector are not displayed in the Parser Mappings window. If the mapping is saved, it is saved for the corresponding IP address, not for the corresponding Log Collector entry. If no mappings are found for the corresponding IP address, the discovered event source types are displayed in the Parser Mappings window.
If advanced Log Decoder configurations are discovered, a message similar to the one below displays in the Manage Parser Mappings dialog.