Skip to main content
Version: v4.19

parse

Applies a parser to the string stored in a given field.

Synopsis

parse <input> <parser> [<args...>]

Description

The parse operator parses a given <input> field using <parser> and replaces this field with the result.

<input>

Specifies the field of interest. The field must be of type string.

<parser> [<args...>]

Specifies the parser format and the corresponding arguments specific to each parser. <parser> can be one of the parsers in formats.

Examples

Parse CEF from the Syslog messages stored in test.log, returning only the result from CEF parser.

from test.log read syslog | parse content cef | yield content