Hi all, this is my first post on this forum, so hello. We have just begun to use Cribl and I am still in a learning phase. I am wondering if there are more parsers that can be added to the library or whether you have to create them yourself? As an example, I have a Cribl instance that is receiving JSON data from another Cribl instance (with the data having been prebaked for Splunk) for a Cisco ASA log. The content of the log entry is in either the raw or Message field, and I would like to extract it into key-value pairs. I have tried some of the functions, but it looks like I have to do custom regex (and I am not good with regex).
Solved
CRIBL - Parser Libraries
Best answer by Kyle McCririe
Hi Draco3,
You can certainly add your own parsers under Knowledge. You would have to create them yourself based on the format of the logs.
For more prebuilt content I would check out our Packs! https://packs.cribl.io/
There is a pack for Cisco ASA that has some regexes already made.
If you'd like, I can also help you write a regex to extract whatever you'd like.
