Decoder: Services Config View - Parser Mappings Tab

Document created by RSA Information Design and Development on Sep 13, 2017Last modified by RSA Information Design and Development on Oct 11, 2017
Version 6Show Document
  • View in full screen mode
 

This topic provides a description of the configurable options for a Log Decoder in the Parser Mappings tab.

In the Parser Mappings Administrators can configure log parser mappings for Log Decoder services. To access the Parser Mappings tab, go to ADMIN > Services > select a service and click Actions menu > View > Config > Parser Mappings tab.

Note: You can also configure log parser mappings for Log Decoder services by navigating to ADMIN > Services > Event Sources > Discovery.

This feature is intended to track a subset of Event Sources that is parsing against the wrong parser.

What do you want to do?

                  

User Role

I want to...Documentation
AdministratorManage IPs for Event Source Mapping.Enable Parser Mappings

Related Topics

Quick Look

This is an example of the tab.

This is an example of the Parser Mappings tab.

             
1Parser Mappings Toolbar - Provides options to work with parser mappings in the grid
2Parser Mappings Grid - Lists all parsers that are currently mapped on the Log Decoder

Parser Mappings Toolbar

The Parser Mappings toolbar has options to work with parser mappings in the grid.

                               
FeatureDescription
Add icon Add a parser mapping.
Delete icon Delete the selected parser mapping.
Edit icon Edit a parser mapping.
Refresh icon Refresh the list of parser mappings.
Display the Actions menu.
  • Import - Import a parser mapping to a file.
  • Export - Save a parser mapping to a file.

Parser Mappings List

The Parser Mappings list displays all parsers that are currently mapped on the Log Decoder.

                   
ParameterDescription
Host Displays the IP address of the host.
Event Source Displays the Event Sources that are parsing incorrectly.

Parser Mappings Editor Dialog

The Parser Mappings Editor dialog allows you to update an IP to event source mapping.

To access the Parser Mappings Editor dialog, follow these steps:

  1. In the NetWitness Suite menu, select ADMIN > Services.
  2. Select a Log Decoder, and in the Actions column, select Actions menu > View > Config.
    The Services Config view is displayed.
  3. Select the Parser Mappings tab.
  4. ClickThe add icon.

    The Mapping Editor dialog is displayed.


    For more information on the Parser Mapping Editor dialog, refer to Enable Parser Mappings.

You are here
Table of Contents > Decoder and Log Decoder References > Services Config View - Parser Mapping Tab

Attachments

    Outcomes