Feature Request - support parser selection - Githubissues

humio / issues

Issue Tracker for Humio

4 stars 2 forks source link

Feature Request - support parser selection #16

Closed henrikjohansen closed 5 years ago

henrikjohansen commented 6 years ago

Currently Humio has a one-to-one mapping between events and parsers - it should really be possible to select which parser should be tried based on the actual event content.

Lots of systems have multiple log formats (Cisco ASA is the prime example here) and blindly trying one regex after the other is wasteful. Rather, it should be possible to say :

if event contains "foo" run parser A
if event starts with "bare" run parser B
if event does not contain "baz" run parser C

Might be related to #15

henrikjohansen commented 5 years ago

Should be possible using case {} in the new parsers ...