FieldExtractors

JSON representation
FieldExtractor
- JSON representation
ComparisonOperator
LogFormat
PreProcessConfig
- JSON representation

A representation of a parser extension as a set of field extractors.

JSON representation

JSON representation
{ "extractors": [ { object (`FieldExtractor`) } ], "transformed_cbn_snippet": string, "log_format": enum (`LogFormat`), "append_repeated_fields": boolean, "preprocess_config": { object (`PreProcessConfig`) } }

{
  "extractors": [
    {
      object (FieldExtractor)
    }
  ],
  "transformed_cbn_snippet": string,
  "log_format": enum (LogFormat),
  "append_repeated_fields": boolean,
  "preprocess_config": {
    object (PreProcessConfig)
  }
}

Fields
`extractors[]`	`object (FieldExtractor)` List of FieldExtractors.
`transformed_cbn_snippet`	`string (bytes format)` Output only. CBN snippet generated from field extractors. A base64-encoded string.
`log_format`	`enum (LogFormat)` Format of the log. Ex. CSV,JSON,XML.
`append_repeated_fields`	`boolean` Whether to append repeated fields or not. When false, repeated fields will be replaced.
`preprocess_config`	`object (PreProcessConfig)` Pre-process configuration.

FieldExtractor

An extractor for a single log field.

JSON representation
{ "precondition_path": string, "precondition_value": string, "precondition_op": enum (`ComparisonOperator`), "field_path": string, "destination_path": string, "value": string }

Fields
`precondition_path`	`string` Precondition path could be a json path, xml path or csv column name depending on log format. It refers to a section or substring in raw log.
`precondition_value`	`string` Precondition value.
`precondition_op`	`enum (ComparisonOperator)` Operator used for precondition.
`field_path`	`string` Field path could be a json path, xml path or csv column name depending on log format. It refers to a section or substring in raw log. This is required if the FieldExtractor is used to specify the parser extension.
`destination_path`	`string` Path in generated event which is to be populated. This is required if the FieldExtractor is used to specify the parser extension.
`value`	`string` Value to be mapped to the destination path directly.

ComparisonOperator

Comparison operator used in precondition field.

Enums
`COMPARISON_OPERATOR_UNSPECIFIED`	Comparison operator was unspecified.
`EQUALS`	Comparison operator is equals "==".
`NOT_EQUALS`	Comparison operator is not equals.

LogFormat

Log format of the raw log. valid log formats are JSON, XML and CSV.

Enums
`LOG_FORMAT_UNSPECIFIED`	Log format was unspecified.
`JSON`	Log format was JSON.
`CSV`	Log format was CSV.
`XML`	Log format was XML.

PreProcessConfig

PreProcessConfig holds the GROK expression to extract the syslog header.

JSON representation
{ "grok_regex": string, "target": string }

Fields

Fields
`grok_regex`	`string` GROK Regex to extract the structured part of the log. syntax documentation: www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
`target`	`string` Target field name for the structured part of the log. This should match a SEMANTIC identifier from the grok expression.

grok_regex

string

GROK Regex to extract the structured part of the log. syntax documentation: www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

target

string

Target field name for the structured part of the log. This should match a SEMANTIC identifier from the grok expression.