Skip to main content
Solved

Is anyone else having trouble with the JOURNALD parser that doesn't normalize event fields to UDM?

  • October 6, 2025
  • 2 replies
  • 29 views
ar3diu
Forum|alt.badge.img+8

All Journald fields end up in the extracted_fields.

https://cloud.google.com/chronicle/docs/ingestion/parser-list/journald-changelog

Best answer by cmmartin_google

A parser updated was recently added and is expected to start rolling out from the 7th October onwards that will normalize those JOURNALD added fields.

2 replies

cmmartin_google
Staff
Forum|alt.badge.img+10
  • cmmartin_google
  • Staff
  • 122 replies
  • Answer
  • October 6, 2025

A parser updated was recently added and is expected to start rolling out from the 7th October onwards that will normalize those JOURNALD added fields.

ar3diu
Forum|alt.badge.img+8
  • ar3diuBronze 5
  • Author
  • Bronze 5
  • 36 replies
  • October 14, 2025

@cmmartin_google Is there anything we should do to get the update?

I checked the logs this morning and the `metadata.parser_version = "1.0"`. Also, no updates in the docs page: https://cloud.google.com/chronicle/docs/ingestion/parser-list/journald-changelog 


Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.