Hello,
How can I perform a transformation to the data in the environment ?
Thank you
Page 1 / 1
Hi Roni,
Could you please elaborate on what you mean by "transformation"? If you mean to convert the raw logs to UDM events, then you can create a parser to do that.
https://cloud.google.com/chronicle/docs/event-processing/manage-parser-updates
Although, most of log sources are covered by our prebuilt parsers.
Hi Roni,
Could you please elaborate on what you mean by "transformation"? If you mean to convert the raw logs to UDM events, then you can create a parser to do that.
https://cloud.google.com/chronicle/docs/event-processing/manage-parser-updates
Although, most of log sources are covered by our prebuilt parsers.
I meant to data cleansing.
Thank you !!
I meant to data cleansing.
Thank you !!
The data has to be in the correct format before arriving to Chronicle. In case the data is not in quite in the correct format (i.e. it has extra information ), you might be able to use our parser grok patterns to attempt to clean up the data, so that it is properly parsed.
https://cloud.google.com/chronicle/docs/reference/parser-syntax#extract_data_using_the_grok_function
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.