NXLog search
Let's talk Start free
Let's talk Start free

NXLog Legacy Documentation

log parsing

What is log parsing?

Description

Log parsing is extracting relevant data from unstructured event log records. Parsing is based on rules to segment messages into named fields or columns. It applies techniques to extract data elements from the incoming log data and split them into individual fields for easier consumption by other systems. A common parsing method is using regular expressions with capturing groups.

In the world of NXLog

Once an input module receives a log record, additional parsing may be required to enhance the log data. NXLog includes dedicated modules for parsing specific data formats. Additionally, the NXLog language supports regular expressions with named capturing groups and provides several string manipulation functions.

Known as

log parsing, log file parsing, event log parsing, log parser

Related

Parsing various log formats
Parsing timestamps
Parsing BIND 9 logs

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O   P   R   S   T   U   V   W   X   Z

A

agent

agent-based log collection

agentless log collection

audit log

B

bandwidth

C

CEF (Common Event Format)

CSV (Comma-separated Values)

D

data source

DNS logging

E

endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

event correlation

F

failover

G

GELF (Graylog Extended Log Format)

H

High Availability (HA)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

log centralization

log normalization

log parsing

M

MSSP (Managed Security Service Provider)

multi-line logs

N

NetFlow

O

open source

P

pattern

PCI-DSS (Payment Card Industry Data Security Standard)

protocol

R

Raijin database

Remote Access Server Role

S

SCCM (System Center Configuration Manager)

SEM (Security Event Management)

SIM (Security Information Management)

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

SOC (Security Operations Center)

structured logging

syslog

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)/SSL (Secure Sockets Layer)

U

UEBA (User and Entity Behavior Analytics)

UDP (User Datagram Protocol)

V

vendor-agnostic

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows Event ID

WMI (Windows Management Instrumentation)

X

XPath

Z

ZeroMQ