As part of the normalization process, log messages are passed through the Alert Logic® parser to determine if the details match specific parameters. If the parameters are met, then the log messages are tokenized to allow for better searching, alerting, and reporting.
To determine whether log messages are parsed in the Alert Logic console, check the "Message Type" column when viewing the log messages section. If the column shows "Text", those log messages are considered "Unparsed" and have fewer options for alerting and reporting. Any other value in the "Message Type" column means those log messages are considered "Parsed" and have more options available for searching, alerting, and reporting.
Should you need to have unparsed messages parsed, open a ticket with Alert Logic Support and request a Parser Request Form. Once you have filled out the form and sent it back to the Support team, they will pass the information to the Parser Development team. It generally takes three weeks from the time the form is submitted back to Alert Logic for the parser to be added to the Alert Logic parser system.