What is log normalization?
Log normalization is usually required to format log data according to the platform taxonomy when forwarding events to a SIEM or log analysis platform. Almost all SIEM solutions have taxonomies for different types of logs.
Normalization enables SIEMs to interpret logs from diverse sources efficiently, facilitates event correlation, and makes it easier for you to work with the data in dashboards and reports.
- In the world of NXLog
NXLog enables you to translate logs from different sources into a single taxonomy. Once log data is parsed, you can map event fields to the required schema, enrich log records with additional fields, and output events in a different format.
Normalization may require log records to include standard metadata fields, such as labels describing the environment where the event originated and keywords to tag the event. Such data might not be part of the event record but must be added from an external source. NXLog provides several methods to enrich log records.
- Known as
log normalization, normalizing logs, log transformation, normalizing log data