I was wondering how is Cribl implementing OCSF mappings?

<@U02ELKX57CH&gt; <@U02PA4EAP1S&gt; ^^^

Hi <@U04S0RP486P&gt;, I can walk you through how we do it. Currently we only support the network activity class, but several more classes are 'work in progress'. If you don't mind me asking, what is your use case for it?

Hello <@U02ELKX57CH&gt; I was thinking for example use cases to structure like syslog messages better, putting it in OCSF format

will DM you so we can go into this further

We have a need for this internally <@U02ELKX57CH&gt; so I'd like to see how we could expand our support. <@U01LSBF5953&gt; does this factor into your Rosetta pack?

If there's mappings for Windows OS logs for OCSF I can add them to the Rosetta pack

Not really sure what your intentions were for Rosetta, it's for Windows logs only?

In general, there's a market need for an any to any mapper. Not sure the product is helping us as much as it could there. It's certainly a set of ideas on the backlog to make mapping schemas easier.

I mean naming wise, maybe quality it more then :slightly_smiling_face:

> it's for Windows logs onlyYes

https://github.com/bdalpe/cribl-rosetta-pack

Ocsf is massive in structure, we should chat <@U01LSBF5953&gt;

OCSF, OTel, its like when big vendors get together they just want to make things more complicated

It's a meta-schema

Lol

I use that in my slides for ocsf when talking about it