Question

Google SecOps Custom parser not getting validated

Forum|Forum|23 hours ago
May 5, 2026
4 replies
21 views

Manoj Kanadi
New Member

I have created a new(custom) log type, Then created a custom parser for that specific log type.
When I try to parse the log on UI, I get the correct UDM mapping.

But when I try to send logs from the python script and check from Investigation > SIEM Search, i see that those logs are unparsed

The issue that i am facing is - while validating the parser, I am getting error -

Error:

No sample logs exist for this log type in the last 30 days.

Can someone please help me understand how can I make logs available for this parser to get validated?

Thanks in advance for your guidance.

+12

cmorris
Staff
Forum|Forum|23 hours ago
May 5, 2026

Based on the error from the parser, it sounds like the logs are not being set to the logtype the parser would expect, so they are not being sent to the parser. https://docs.cloud.google.com/chronicle/docs/reference/ingestion-methods#importlogs:~:text=Types/%7B-,log_type,-%7D

Like

Manoj Kanadi
Author
New Member
Forum|Forum|23 hours ago
May 5, 2026

@cmorris , I have created a new log type with name CEF_CUSTOM. And i want to create a parser for this specific log type(CEF_CUSTOM).

Like

+12

cmorris
Staff
Forum|Forum|23 hours ago
May 5, 2026

Take a look at the link from my first post and make sure that you are setting the correct logtype in the request payload

https://docs.cloud.google.com/chronicle/docs/reference/ingestion-methods#importlogs:~:text=Types/%7B-,log_type,-%7D

Like

+11

hzmndt
Staff
Forum|Forum|4 hours ago
May 6, 2026

It might take a while for the new log type to be synced within the platform. try again after a while, if still faced the same, suggest to open a support case to check the backend.

Like

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded