Hi all, this is my first post on this forum, so hello. We have just begun to use CRIBL and I am still in a learning phase. I am wondering if there are more parsers that can be added to the library or whether you have to create them yourself? As an example I have a CRIBL instance that is receiving JSON data from another CRIBL instance (with the data having been prebaked SPLUNK) for a Cisco ASA log. The content of the log entry is in either the raw or Message field and I would like to extract into key value pairs. I have tried some of the functions but it looks like I have to do custom regex (and I am not good with regex).
Hi Draco3,
You can certainly add your own parsers under Knowledge. You would have to create them yourself based on the format of the logs.
For more prebuilt content I would check out our Packs! https://packs.cribl.io/
There is a pack for Cisco ASA that has some regexes already made.
If you'd like, I can also help you write a regex to extract whatever you'd like.
If you paste an example of the log I can take a look at options of parsing it!
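As an added illustration of the regex approach described above (not Cribl's code and not the Cisco ASA pack's patterns), the function below pulls key-value fields out of an ASA syslog message carried in an event's `_raw` or `Message` field. Cribl Stream expressions are JavaScript, so the same named-capture-group patterns can be reused in a Regex Extract function; the sample events, the field names and the two message IDs covered are my own choices.

```javascript
// Added example: turn a Cisco ASA syslog message into key-value fields.
// Assumes the raw text lives in `_raw` or `Message` (an assumption about the
// upstream Cribl instance's output, not a fixed Cribl convention).
const ASA_HEADER = /%ASA-(?<severity>\d)-(?<message_id>\d{6}):\s*(?<text>.*)$/;

// Body patterns keyed by ASA message ID. Only two IDs are covered here;
// anything else falls back to the header fields only.
const ASA_BODY = {
  // 302013: Built inbound/outbound TCP connection ... for iface:ip/port (...) to iface:ip/port (...)
  "302013": /Built (?<direction>inbound|outbound) (?<protocol>TCP|UDP) connection (?<conn_id>\d+) for (?<src_zone>\w+):(?<src_ip>[\d.]+)\/(?<src_port>\d+) \([^)]*\) to (?<dst_zone>\w+):(?<dst_ip>[\d.]+)\/(?<dst_port>\d+)/,
  // 106023: Deny proto src iface:ip/port dst iface:ip/port by access-group "NAME"
  "106023": /Deny (?<protocol>\w+) src (?<src_zone>\w+):(?<src_ip>[\d.]+)\/(?<src_port>\d+) dst (?<dst_zone>\w+):(?<dst_ip>[\d.]+)\/(?<dst_port>\d+) by access-group "(?<acl>[^"]+)"/,
};

// Returns an object of extracted fields, or null when the event is not an ASA line.
function parseAsaEvent(event) {
  const raw = event._raw ?? event.Message;
  if (typeof raw !== "string") return null;
  const header = ASA_HEADER.exec(raw);
  if (!header) return null;
  const fields = {
    severity: Number(header.groups.severity),
    message_id: header.groups.message_id,
  };
  const bodyRe = ASA_BODY[fields.message_id];
  if (bodyRe) {
    const body = bodyRe.exec(header.groups.text);
    if (body) Object.assign(fields, body.groups);
  }
  return fields;
}

// Constructed sample events: one in _raw, one in Message, one non-ASA line.
const SAMPLE_EVENTS = [
  { _raw: "%ASA-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.0.0.7/51234 (10.0.0.7/51234)" },
  { Message: '%ASA-4-106023: Deny tcp src outside:203.0.113.9/51515 dst inside:10.0.0.7/22 by access-group "OUTSIDE_IN" [0x0, 0x0]' },
  { _raw: "not an ASA line" },
];

function parseAll(events) {
  return events.map(parseAsaEvent);
}

console.log(JSON.stringify(parseAll(SAMPLE_EVENTS), null, 2));
```

Unrecognised message IDs still yield severity and message_id, which is enough to route or filter on before a more specific pattern exists for them.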