FieldExtractors

JSON representation
FieldExtractor
- JSON representation
ComparisonOperator
LogFormat
PreProcessConfig
- JSON representation

A representation of a parser extension as a set of field extractors.

JSON representation

JSON representation
{ "extractors" : [ { object ( `FieldExtractor` ) } ] , "transformedCbnSnippet" : string , "logFormat" : enum ( `LogFormat` ) , "appendRepeatedFields" : boolean , "preprocessConfig" : { object ( `PreProcessConfig` ) } }

 { 
 "extractors" 
 : 
 [ 
 { 
 object (  FieldExtractor 
 
) 
 } 
 ] 
 , 
 "transformedCbnSnippet" 
 : 
 string 
 , 
 "logFormat" 
 : 
 enum (  LogFormat 
 
) 
 , 
 "appendRepeatedFields" 
 : 
 boolean 
 , 
 "preprocessConfig" 
 : 
 { 
 object (  PreProcessConfig 
 
) 
 } 
 }

Fields
`extractors[]`	`object ( FieldExtractor )` List of FieldExtractors.
`transformedCbnSnippet`	`string ( bytes format)` Output only. CBN snippet generated from field extractors. A base64-encoded string.
`logFormat`	`enum ( LogFormat )` Format of the log. Ex. CSV,JSON,XML.
`appendRepeatedFields`	`boolean` Whether to append repeated fields or not. When false, repeated fields will be replaced.
`preprocessConfig`	`object ( PreProcessConfig )` Pre-process configuration.

FieldExtractor

An extractor for a single log field.

JSON representation
{ "preconditionPath" : string , "preconditionValue" : string , "preconditionOp" : enum ( `ComparisonOperator` ) , "fieldPath" : string , "destinationPath" : string , "value" : string }

Fields
`preconditionPath`	`string` Precondition path could be a json path, xml path or csv column name depending on log format. It refers to a section or substring in raw log.
`preconditionValue`	`string` Precondition value.
`preconditionOp`	`enum ( ComparisonOperator )` Operator used for precondition.
`fieldPath`	`string` Field path could be a json path, xml path or csv column name depending on log format. It refers to a section or substring in raw log. This is required if the FieldExtractor is used to specify the parser extension.
`destinationPath`	`string` Path in generated event which is to be populated. This is required if the FieldExtractor is used to specify the parser extension.
`value`	`string` Value to be mapped to the destination path directly.

ComparisonOperator

Comparison operator used in precondition field.

Enums
`COMPARISON_OPERATOR_UNSPECIFIED`	Comparison operator was unspecified.
`EQUALS`	Comparison operator is equals "==".
`NOT_EQUALS`	Comparison operator is not equals.

LogFormat

Log format of the raw log. valid log formats are JSON, XML and CSV.

Enums
`LOG_FORMAT_UNSPECIFIED`	Log format was unspecified.
`JSON`	Log format was JSON.
`CSV`	Log format was CSV.
`XML`	Log format was XML.

PreProcessConfig

PreProcessConfig holds the GROK expression to extract the syslog header.

JSON representation
{ "grokRegex" : string , "target" : string }

Fields

Fields
`grokRegex`	`string` GROK Regex to extract the structured part of the log. syntax documentation: www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
`target`	`string` Target field name for the structured part of the log. This should match a SEMANTIC identifier from the grok expression.

grokRegex

string

GROK Regex to extract the structured part of the log. syntax documentation: www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

target