Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

AnsweredAssumed Answered

Multiline parser

Question asked by Yogesh Mavani on Aug 14, 2017
Latest reply on Aug 14, 2017 by Joe Gumke

Like • Show 0 Likes0
Comment • 2

How to create multi line parser ?

Ex Logs : filed 1 = value1

filed 2 = value2

field 3 = value3

i want to create parser for this kind of logs. I am use to create parser for single line logs.

But not multi line logs.

No one else has this question

Outcomes

2 Replies

Dave Glover Aug 14, 2017 9:56 AM
Mark Correct
Correct Answer
Unfortunately Netwitness can only handle single line log messages.

You would need to use a preprocessor such as a perl or python script to convert it into a single line, and then send it into Netwitness

Thanks

Dave
Like • Show 0 Likes0
Actions
Joe Gumke Aug 14, 2017 10:40 AM
Mark Correct
Correct Answer
hi yogesh,

I'd recommend submitting a feature request for this. we have a couple event sources that we cannot parse because of this limitation as well. The most requests for this, the more cannon fodder we can get RSA to push this ability.
Like • Show 0 Likes0
Actions

Recommended Content