The Log Parser feature allows users to define custom parsing rules to structure raw logs into meaningful fields. By using Grok patterns, users can extract structured data such as timestamps, log levels, and messages from incoming log streams. 

To configure a Log Parser:

1. Go to Settings from the main sidebar.

2. Select Configurations.

3. Click Log Management.

4. Open the Log Parsers tab.

This section displays all configured log parsers and allows users to create or modify them.

Creating a New Log Parser

To create a new parser:

1. Click + Configure Parser

2. The Edit Parser panel opens on the right side

3. Provide required configuration

4. Validate parsing with sample logs

5. Save the parser

1. Parser Name

Field: Name

Defines the unique identifier for the parser.

2. Grok Pattern

Field: Grok Pattern

A Grok pattern is used to extract structured fields from log messages.

Grok combines regular expressions with predefined patterns to match log formats.

3. Sample Logs

Field: Sample Logs

Used to validate the Grok pattern before saving the parser.

Requirements

• Each log entry must be on a new line

• The system treats them as an array of log strings

4. Parsed Logs (Preview)

This section shows the parsed output generated from sample logs.

To generate preview:

1. Click Click to View Parsed Logs

2. System applies the Grok pattern

3. Structured output is displayed

Save the changes.