With the key-value structure, we can define the log type structure in our own form and start working.
timestamp=2024-10-30T10:01:58|source_ip=<1.1.1.44>|mac_address=(01-23-45-67-89:ab)|process=sapd_123123|process_id=8634|event_code=33312|severity=NOTI|source=AP Logsign-Turkey@1.1.1.77 sapd|device_type=ap|zone=zone0|message_type=ERROR|destination_ip=10.10.0.10|tunnel=none|error_code=RC_ERROR_IKEP1
The fields to consider for this log parse method are described below.
Pay attention to the = next to the timestamp key in the pattern we selected. In the form, this character corresponds to the Key Delimiter field.
Key Delimiter types:
The Pair Delimiter is the separator between one key-value pair and the next in the log.
Pair Delimiter types:
We continue by selecting the pattern and selecting the field we want to match.
The Value Strip Policy field specifies the special characters to ignore at the beginning and end of a field's value, or the space at the beginning of the value.
We have several methods here.
After this step, when we test, we will see that the characters covered by the selected Value Strip Policy are removed from the beginning and end of the value.
This way we can assign the entire log to the fields we want and then save and deploy it.
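The Key Delimiter, Pair Delimiter and Value Strip Policy settings described above, applied to the sample log as an added Python example. This is not Logsign's parser or code from the original page; the function name parse_kv, its parameters and the set of stripped characters are assumptions made for illustration.

```python
# Sample log copied from this page, split across lines only for readability.
SAMPLE = (
    "timestamp=2024-10-30T10:01:58|source_ip=<1.1.1.44>|"
    "mac_address=(01-23-45-67-89:ab)|process=sapd_123123|process_id=8634|"
    "event_code=33312|severity=NOTI|source=AP Logsign-Turkey@1.1.1.77 sapd|"
    "device_type=ap|zone=zone0|message_type=ERROR|destination_ip=10.10.0.10|"
    "tunnel=none|error_code=RC_ERROR_IKEP1"
)


def parse_kv(line, key_delim="=", pair_delim="|", strip_chars=" <>()"):
    """Parse one key-value log line (hypothetical helper, not a product API).

    key_delim   -> the Key Delimiter between a key and its value
    pair_delim  -> the Pair Delimiter between one pair and the next
    strip_chars -> the Value Strip Policy: characters removed only from the
                   beginning and end of each value (assumed set)

    Returns (fields, rejected, duplicates).
    """
    fields, rejected, duplicates = {}, [], []
    for pair in line.split(pair_delim):
        if not pair.strip():
            continue  # empty segment, e.g. a trailing pair delimiter
        # Split on the FIRST key delimiter only, so a value that itself
        # contains the delimiter (b=x=y) is kept whole.
        key, sep, value = pair.partition(key_delim)
        key = key.strip()
        if not sep or not key:
            rejected.append(pair)  # keep unparsed fragments visible
            continue
        if key in fields:
            # Keep the first value and report the repeat, so a later pair
            # cannot silently overwrite an earlier one.
            duplicates.append(key)
            continue
        fields[key] = value.strip(strip_chars)
    return fields, rejected, duplicates


if __name__ == "__main__":
    parsed, bad, dups = parse_kv(SAMPLE)
    for name, val in parsed.items():
        print(f"{name:15} {val}")
    print("rejected:", bad, "duplicates:", dups)
```

Stripping applies only to the ends of a value, so the space inside the source field is preserved while the angle brackets and parentheses around the IP and MAC values are dropped.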
You can use static mapping in logs. At this stage, you need to use the Log Message List as a reference.
However, if you want to do the mapping with a file, you can find the steps specific to that method under Parse with JSON.