Hi @Rached1996, 

1.  a good pratice is to do a complete backup of the parser before you begin (clone)
2. Use Custom Parsers for Additional Fields
   1. If possible, avoid editing the default parser altogether. Instead, create custom parsers that handle the additional fields or specific logic you need. Custom parsers will remain unaffected by updates to the default parsers.
   2. Use the create extension function if you want to add additional features to the existing parser
3. Watch out for updates to the pre-built / default parser in the release notes (https://cloud.google.com/chronicle/docs/release-notes)

are you extending a pre-built parser or do you have a complete custom one?`

/Max

Hi @Rached1996,

When updating a parser, it will show you the difference between the two, you can replace the left version (previous) with your custom parser, and identify the differences between the new updated version, and your version. When going to validate the parser, the parser is run against the relevant dataset, and metrics are provided which are useful to identify if the parser has any issues relating to normalization issues, parsing errors, delayed time to parse etc.

Kind Regards,

Ayman

hello , thanks for the reply 
i'm getting this message while changing the one on the left ( changing prebuilt with custom ) 

how can i resolve ?

Are you trying to edit from the update page? The update page will show diffs, but you'll need to edit the custom parser via the edit option for that parser from the parser page.