Configuration processes

The configuration builder provides the possibility to add Processes to your configuration. Configuration processes are the building blocks of advanced log processing. The configuration builder displays the available processes that you can execute on log events under Configuration snippets. You can drag and drop a process to a process slot to add it to the configuration. Configure processes by clicking on the cogwheel icon after you drop the process into a configuration.

Some processes require extension modules. For example Parse JSON requires the extension module JSON (xm_json). Configure the extensions required by your configuration template in Extensions.

Table 1. Configuration processes explained
Process	Description
If-Else condition	Conditions help you define if-then-else statements and set operators for your condition. The text fields on both sides of the operators offer an autosuggest feature. For more information about statements, see the Statements page in the NXLog Agent Reference Manual.
Add field	Using this process, you can define new fields. The input fields here provide an autosuggest feature. For more information about fields, see the Core fields page in the NXLog Agent Reference Manual.
Drop event	This process allows you to conditionally discard log messages. For more information on procedures such as drop, see the Core procedures page in the NXLog Agent Reference Manual.
Log	Allows you to send the defined log data to an NXLog Agent’s internal log with the chosen severity. The input field here provides an autosuggest feature. For more information on procedures such as log, see the Core procedures page in the NXLog Agent Reference Manual.
Exec statement	You can use the Exec statement process to include statements in your configuration executed when receiving logs. See the Exec section in the NXLog Agent Reference Manual to learn more.
Convert to (format)	Convert the fields in the log message to one of the supported formats, and return the result as the `$raw_event` field. For more information about formatting log data in the available formats, see the following pages in the NXLog Agent Reference Manual: Syslog (xm_syslog) XML (xm_xml) JSON (xm_json) KVP (xm_kvp) CEF (xm_cef) LEEF (xm_leef) CSV (xm_csv)
Extract (format)	Extract the log data from a specific node in the `$raw_event` field, and return the result as the `$raw_event` field. For more information about extracting log data from one the available formats, see the following pages in the NXLog Agent Reference Manual: XML (xm_xml) JSON (xm_json)
Parse (format)	Parse the fields in the log message to one of supported formats. For more information about parsing log data to one of the available formats, see the following pages in the NXLog Agent Reference Manual: Syslog (xm_syslog) XML (xm_xml) JSON (xm_json) KVP (xm_kvp) CEF (xm_cef) LEEF (xm_leef) CSV (xm_csv)