REST Resource: projects.locations.instances.logTypes.parsers

Resource: Parser

Parser converts a raw log to UDM Events.

JSON representation 
{
  "name": string,
  "creator": {
    object (Creator)
  },
  "create_time": string,
  "changelogs": {
    object (Changelogs)
  },
  "parser_extension": string,
  "type": enum (Type),
  "state": enum (State),
  "validation_report": string,
  "validated_on_empty_logs": boolean,

  // Union field config can be only one of the following:
  "cbn": string,
  "low_code": {
    object (LowCodeParser)
  }
  // End of list of possible types for union field config.

  // Union field stage can be only one of the following:
  "release_stage": enum (ReleaseStage),
  "validation_stage": enum (ValidationStage)
  // End of list of possible types for union field stage.
}
Fields
name

string

Output only. name of the parser resource.
creator

object (Creator)

Output only. Creator of the parser.
create_time

string (Timestamp format)

Output only. Time at which parser was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
changelogs

object (Changelogs)

Output only. Represents all the changes made into this parser.
parser_extension

string

Output only. Extension applied over the parser, if any.
type

enum (Type)

Output only. The type of the parser
state

enum (State)

Output only. The state of the parser
validation_report

string

Output only. The Validation report generated during parser validation.
validated_on_empty_logs

boolean

Optional. Flag to bypass parser validation when no logs are found. If enabled, the parser won't be be rejected during the validation phase when no logs are found.
Union field config. Config of the parser. config can be only one of the following:
cbn

string (bytes format)

if the parser is built using config documentation: https://cloud.google.com/chronicle/docs/preview/parser-extensions/parsing-overview

A base64-encoded string.
low_code

object (LowCodeParser)

if the parser is built using the low code feature.

Union field stage.

stage can be only one of the following:
release_stage

enum (ReleaseStage)

Output only. The release stage of the parser After internal validations the prebuilt parser will directly start as Release Candidate. The release_stage of prebuilt parsers are changed after every release cycle: The prebuilt Release Candidate parser is promoted as Release parser. The existing prebuilt Release parser is moved to Rollback state. and existing prebuilt rollback parser is moved to Archived. In case of custom parser: When the customer submits a validation passed custom parser it starts as Release state. And existing one is moved to Rollback stage. And the existing rollback is moved to Archived. In case a release or release candidate parser is found faulty, the parser is marked FAULTY, if it is release parser then rollback candidate is moved to release.
validation_stage

enum (ValidationStage)

Output only. The validation stage of the parser When a customer submits a new parser for validation, it starts with a new stage. When parser is picked for validation, it changes to Validation state. If validation failed it is marked as failed, and existing failed is moved to delete_candidate stage. If passes it is moved to passed stage. If customer opts to submit it, the parser is moved to Release State.

LowCodeParser

Message to represent LowCodeParser.

JSON representation 
{
  "field_extractors": {
    object (FieldExtractors)
  },
  "log": string
}
Fields
field_extractors

object (FieldExtractors)

Represents the mapping logic of input to output.
log

string (bytes format)

The log used to create this low code parser in the UI.

A base64-encoded string.

ReleaseStage

ReleaseStage represents the possible release stages of the parser.

Enums
RELEASE_STAGE_UNSPECIFIED The release stage is not specified.
RELEASE The parser is RELEASED and can be used in production.
RELEASE_CANDIDATE The prebuilt parser is a release candidate.
ROLLBACK_CANDIDATE The prebuilt parser is a rollback candidate.
ARCHIVED The parser has been ARCHIVED.
FAULTY The parser has been marked faulty, and is available for auto deletion.

ValidationStage

ValidationStage represents the possible validation states of the parser.

Enums
VALIDATION_STAGE_UNSPECIFIED The validation stage is not specified.
NEW The custom parser is submitted for validation.
VALIDATING The custom parser is currently going through the validation pipeline
PASSED The custom parser has successfully passed the validation.
FAILED The custom parser has failed validation.
DELETE_CANDIDATE The parser is no good, It is available for auto deletion.
INTERNAL_ERROR Internal error occurred during validation.

Creator

Information about the creator of the parser.

JSON representation 
{
  "customer": string,
  "author": string,
  "source": enum (Source)
}
Fields
customer

string

Output only. The customer who created it, This can represent the partner as well. In case of prebuilt parser this will be empty.
author

string

Output only. The name of the author, who created this parser.
source

enum (Source)

Output only. The source of the parser.

Source

Source represents the source of the parser.

Enums
SOURCE_UNSPECIFIED Source is unspecified.
GOOGLE A prebuilt parser, present in Google's system.
CUSTOM_GOOGLE_OVERRIDE The custom parser copied from a prebuilt parser and present in Google's system.
PARTNER The custom parser, made by a partner.
CUSTOMER The customer parser, made by the customer.

Changelogs

Changelogs of a parser.

JSON representation 
{
  "entries": [
    {
      object (ChangeEntry)
    }
  ]
}
Fields
entries[]

object (ChangeEntry)

all the changelog of a parser.

ChangeEntry

Represents a single change entry.

JSON representation 
{
  "create_time": string,
  "change_message": string
}
Fields
create_time

string (Timestamp format)

Time at which changelog was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
change_message

string

The changelog message.

Type

Type represents type of the parser.

Enums
TYPE_UNSPECIFIED Type is unspecified.
CUSTOM The parser is specific to a customer or partner.
PREBUILT The parser is created and managed by Google Cloud in Chronicle

State

State of the parser.

Enums
STATE_UNSPECIFIED State is unspecified.
ACTIVE The parser is active.
INACTIVE The parser is inactive.

Methods

activate

 ActivateParser switches the customer to use requested parser, This will set the Parser state to ACTIVE.

activateReleaseCandidateParser

 ActivateReleaseCandidateParser makes the release candidate parser live for that customer.

copy

 CopyPrebuiltParser makes a copy of a prebuilt parser.

create

 Create a parser.

deactivate

 DeactivateParser deactivates the requested parser, and activates the prebuilt release parser.

delete

 Delete a parser.

get

 Get a parser.

list

 List all parsers.