Skip to main content
Solved

Parser update

  • January 22, 2025
  • 4 replies
  • 46 views
R
Forum|alt.badge.img+8

Hello , 
Please can someone tell me a best practices to avoid updates that can ruin my parsers.

For exemple i have done some modification on a existing parser , and i received a new update and i want to make sure that the update does not ruin my modifications on the parser.

Best regards.

Best answer by AymanC

Hi @Rached1996,

When updating a parser, it will show you the difference between the two, you can replace the left version (previous) with your custom parser, and identify the differences between the new updated version, and your version. When going to validate the parser, the parser is run against the relevant dataset, and metrics are provided which are useful to identify if the parser has any issues relating to normalization issues, parsing errors, delayed time to parse etc.

Kind Regards,

Ayman

    4 replies

    maxjunker
    Forum|alt.badge.img+4
    • maxjunkerBronze 4
    • Bronze 4
    • January 22, 2025

    Hi @Rached1996

    1.  a good pratice is to do a complete backup of the parser before you begin (clone)
    2. Use Custom Parsers for Additional Fields
      1. If possible, avoid editing the default parser altogether. Instead, create custom parsers that handle the additional fields or specific logic you need. Custom parsers will remain unaffected by updates to the default parsers.
      2. Use the create extension function if you want to add additional features to the existing parser
    3. Watch out for updates to the pre-built / default parser in the release notes (https://cloud.google.com/chronicle/docs/release-notes)

    are you extending a pre-built parser or do you have a complete custom one?`

     

     

    /Max

      AymanC
      Forum|alt.badge.img+13
      • AymanCBronze 5
      • Bronze 5
      • Answer
      • January 23, 2025

      Hi @Rached1996,

      When updating a parser, it will show you the difference between the two, you can replace the left version (previous) with your custom parser, and identify the differences between the new updated version, and your version. When going to validate the parser, the parser is run against the relevant dataset, and metrics are provided which are useful to identify if the parser has any issues relating to normalization issues, parsing errors, delayed time to parse etc.

      Kind Regards,

      Ayman

      R
      Forum|alt.badge.img+8
      • Rached1996Silver 2
      • Author
      • Silver 2
      • January 28, 2025

      Hi @Rached1996,

      When updating a parser, it will show you the difference between the two, you can replace the left version (previous) with your custom parser, and identify the differences between the new updated version, and your version. When going to validate the parser, the parser is run against the relevant dataset, and metrics are provided which are useful to identify if the parser has any issues relating to normalization issues, parsing errors, delayed time to parse etc.

      Kind Regards,

      Ayman


      hello , thanks for the reply 
      i'm getting this message while changing the one on the left ( changing prebuilt with custom ) 


      how can i resolve ?

      cmorris
      Staff
      Forum|alt.badge.img+10
      • cmorris
      • Staff
      • January 28, 2025

      hello , thanks for the reply 
      i'm getting this message while changing the one on the left ( changing prebuilt with custom ) 


      how can i resolve ?


      Are you trying to edit from the update page? The update page will show diffs, but you'll need to edit the custom parser via the edit option for that parser from the parser page.

        Terms & ConditionsCookie settingsAccessibility statement
        Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

        © 2025 Google. All rights reserved.