Parsers Library

What Are Parsers

Parsers are definitions and configurations for the Parser Function. You can find the library from Cribl Stream’s top nav under Processing > Knowledge > Parsers, and its purpose is to provide an interface for creating and editing Parsers. The library is searchable, and each parser can be tagged as necessary.

Parsers Library
Parsers Library

Parsers can be used to extract or reserialize events. See Parser Function page for examples.

Supported Parser Types:

Creating a Parser

To create a parser, follow these steps:

  1. Go to Knowledge > Parsers and click Add Parser.
  2. Enter a unique ID.
  3. Optionally, enter a Description.
  4. Select a Type (see the supported types above).
  5. Enter the List of fields expected to be extracted, in order. Click this field’s Maximize icon (far right) if you’d like to open a modal where you can work with sample data and iterate on results.
  6. Optionally, enter any desired Tags.
Adding a new parser
Adding a new parser