/AWS1/CL_CWLPARSETOOCSF¶
This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.
For more information about this processor including examples, see parseToOSCF in the CloudWatch Logs User Guide.
CONSTRUCTOR¶
IMPORTING¶
Required arguments:¶
iv_eventsource TYPE /AWS1/CWLEVENTSOURCE /AWS1/CWLEVENTSOURCE¶
Specify the service or process that produces the log events that will be converted with this processor.
iv_ocsfversion TYPE /AWS1/CWLOCSFVERSION /AWS1/CWLOCSFVERSION¶
Specify which version of the OCSF schema to use for the transformed log events.
Optional arguments:¶
iv_source TYPE /AWS1/CWLSOURCE /AWS1/CWLSOURCE¶
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
Queryable Attributes¶
source¶
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_SOURCE() |
Getter for SOURCE, with configurable default |
ASK_SOURCE() |
Getter for SOURCE w/ exceptions if field has no value |
HAS_SOURCE() |
Determine if SOURCE has a value |
eventSource¶
Specify the service or process that produces the log events that will be converted with this processor.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_EVENTSOURCE() |
Getter for EVENTSOURCE, with configurable default |
ASK_EVENTSOURCE() |
Getter for EVENTSOURCE w/ exceptions if field has no value |
HAS_EVENTSOURCE() |
Determine if EVENTSOURCE has a value |
ocsfVersion¶
Specify which version of the OCSF schema to use for the transformed log events.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_OCSFVERSION() |
Getter for OCSFVERSION, with configurable default |
ASK_OCSFVERSION() |
Getter for OCSFVERSION w/ exceptions if field has no value |
HAS_OCSFVERSION() |
Determine if OCSFVERSION has a value |