Help Center Logpoint Docs Idea Portal Logpoint.com

Release of Universal Normalizer v5.0.0.

  • 25 January 2023
  • 4 replies
  • 162 views
A
  • Anonymous
  • 0 replies

Dear All,

We are excited to announce the public release of Universal Normalizer v5.0.0.

Why is this great news? 

Universal Normalizer enables you to create Customer Compiled Normalizers for a range of supported log formats by yourself with just a few simple steps and no waiting time.  

 The supported log formats currently include:

 

  • JSON

  • CSV

  • XML

  • CEF

  • LEEF

  • Key-value pair

To read more about Universal Normalizer v.5.0.0., please follow the links below:

Dowload: 

https://servicedesk.logpoint.com/hc/en-us/articles/8874831748253

Documentation:

 https://docs.logpoint.com/docs/universalnormalizer/en/latest/#universal-normalizer 

 

 

 

4 replies

markus.nebel@8com.de
Userlevel 4
Badge +8

This is a really great new feature!

Please also add support to the director console.

 

Anyway, the key-value-pair mode doesn’t seem to work with the “comma” delimiter.

 

It would also be great to have a “regex” log type option, where you can specify the key-value parsing yourself.

A

Thanks a lot Markus for your feedback :) @Basudev Raut could you please help out here? :)

Sameer Kattel
Rank

Hello Markus,

 

We acknowledge the issue with “comma” delimiter in key-value-pair mode and have already worked out on the fix. The fix will very soon be available in the new release.

Regarding its support in the director console, we are working things out with the Director team and looking forward to have some answer or integration in near future.

Furthermore, we have currently supported standard delimiters only. Adding a “regex” log type with ‘regex as delimiter’ capability will add more complexity to the Universal Normalizer as we will be unable to predict the possible values as regex from user. This uncertainty will prevent us from proper testing of the Universal Normalizer in key-value mode. Moreover, in some cases like pipe ( | ) user may add only the symbol ‘|’ as delimiter but it would require for some characters as such to be escaped in the regex like ’\|’. Such unexpected usage will result in creating Compiled Normalizers that would not behave as expected. For all such reasons we have only added standard delimiters as of now.

I hope this resolves your query.

---


Best Regards,
Sameer Kattel,

Associate Security Analytics Engineer,

Security Research Department

A

Hi @markus.nebel@8com.de, we are glad to share that the points you brought to our attention has been addressed in the new 5.0.1 release. Please see the details here:https://servicedesk.logpoint.com/hc/en-us/articles/8874831748253 

Reply


Terms & ConditionsCookie settings