Parsers Library
What Are Parsers
Parsers are definitions and configurations for the Parser Function. You can find the library from Cribl Stream’s top nav under Processing > Knowledge > Parsers, and its purpose is to provide an interface for creating and editing Parsers. The library is searchable, and each parser can be tagged as necessary.
Parsers can be used to extract or reserialize events. See Parser Function page for examples.
Supported Parser Types:
- CSV – Parse and reserialize comma-separated values.
- ELFF – Parse and reserialize events in Extended Log File Format.
- CLF – Parse and reserialize events in Common Log Format.
Creating a Parser
To create a parser, follow these steps:
- Go to Knowledge > Parsers and click Add Parser.
- Enter a unique ID.
- Optionally, enter a Description.
- Select a Type (see the supported types above).
- Enter the List of fields expected to be extracted, in order. Click this field’s Maximize icon (far right) if you’d like to open a modal where you can work with sample data and iterate on results.
- Optionally, enter any desired Tags.