RSA NetWitness - Log Parser Rules (Dynamic Rules)

Written by Admin | Nov 4, 2019 5:00:00 AM

Documentation Link: Log Parsing Customization Guide for RSA NetWitness Platform 11.x - Table of Contents

This video covers building a log parser with the Log Parser Rules feature in RSA NetWitness. Scenario 1 is covered in its entirety; Scenario 2 is covered only briefly, since it consists mostly of steps already shown in Scenario 1.

Scenario 1:

- Device Type (device.type) does not exist

- Message ID (msg.id) does not exist

Scenario 2:

- Device Type (device.type) exists

- Message ID (msg.id) does not exist