4 Replies Latest reply on Jun 16, 2017 2:29 AM by marcotiz

    SIEM custom parser


      Hi all,



      i'm trying to create a simple custom parser in CEF format. Every filed matches correctly when I test a log as a semple data in parser creation phase. Once created and deployed the custom parser on a specific data source, parser does not works. I tried to upload the same log used during parser creation but it does not match. What could be the problem?



      thanks in advance for the answers