TWTQ: Custom log parsing

Hey guys,
Here's This Week's Top Question (TWTQ):

Q: How do I make use of the custom log parsing feature?
A: EventLog Analyzer contains a powerful custom log parser that lets you analyze any human-readable log format. While offering out-of-the-box reports and alerts for a wide range of log sources, the product also lets you get insights from your own custom devices and applications.

You can set up custom log parsing via the log import feature (Settings > Import Log Data). When you import a file in an unknown format, EventLog Analyzer does half the job for you: it automatically recognizes ten common log fields, including timestamps, URLs, email addresses, MAC addresses, and IP addresses. However, these logs may also contain fields it cannot recognize on its own (such as usernames or folder names). With the custom log parser, you can extract these fields and teach the solution how to recognize them in all logs of this type.
  • Go to Settings > Import Log Data.
  • Select the custom log file from its location, and let the Log Format be 'Automatically Identify'.
  • Hover over the filename and select the eye icon that appears. This allows you to view the logs, or extract custom fields:

In the above example, each log contains four fields - a timestamp (date and time), two IP addresses, and a text file name. As you can see, EventLog Analyzer automatically recognizes the first three fields. However, it is unable to parse the filename. To extract the custom filename field:
  • Select the tools icon next to any of the logs. The Extract Additional Fields window opens.
  • Highlight the custom field to be extracted (in this case, the filename) and click on it.
  • Give the field a name, and specify any prefix or suffix that surrounds the field in all logs (in this case, the file extension ".txt" is common to the filenames in all logs).
  • Click on Create Patterns. EventLog Analyzer uses the information given to generate a custom pattern which it uses to recognize the field:

  • You can click the Validate link to check that the generated pattern is accurate and the field is extracted from all logs.
  • Select Save Pattern so that the solution can parse this field as well from the custom log file.
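To make the steps above concrete, here is an added example (not code from the original post, and not EventLog Analyzer's own parser) that mimics the workflow in plain Python: a few constructed log lines in the post's example layout (timestamp, two IP addresses, a text-file name), approximate regexes for the fields the product recognizes automatically, a build_pattern() function that turns the prefix/suffix you supply at the "Create Patterns" step into a regex for the custom field, and a validate_pattern() function that, like the "Validate" link, reports every log line the generated pattern fails to match. The timestamp and IP regexes and the sample logs are assumptions for illustration only.

```python
import re

# Constructed sample logs (not from the original post). They follow the
# post's example layout: timestamp, two IP addresses, then a text-file name.
# The last line deliberately uses a different extension so the validation
# step has something to flag.
SAMPLE_LOGS = [
    "2024-03-01 10:15:02 192.168.1.10 10.0.0.5 report.txt",
    "2024-03-01 10:16:45 192.168.1.11 10.0.0.5 invoice_march.txt",
    "2024-03-01 10:17:09 192.168.1.12 10.0.0.7 notes.txt",
    "2024-03-01 10:18:30 192.168.1.13 10.0.0.9 summary.log",
]

# Approximations of two of the fields the product recognizes on its own.
# These regexes are assumptions for the example; the product's own patterns
# are not shown on the page.
TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def build_pattern(name, prefix="", suffix=""):
    """Turn the 'Create Patterns' inputs (field name, prefix, suffix) into a regex.

    The value is the shortest run of non-space characters that sits between the
    literal prefix and the literal suffix; the suffix must be followed by
    whitespace or end of line so that 'x.txt.bak' is not accepted as 'x'.
    """
    return re.compile(
        re.escape(prefix) + rf"(?P<{name}>\S+?)" + re.escape(suffix) + r"(?=\s|$)"
    )


def parse_line(line, custom_patterns):
    """Extract the auto-recognized fields plus every saved custom pattern.

    Returns a dict; a custom field that does not match is reported as None
    rather than silently omitted, so gaps are visible.
    """
    fields = {}
    m = TIMESTAMP_RE.search(line)
    fields["timestamp"] = m.group(0) if m else None
    for i, ip in enumerate(IP_RE.findall(line), start=1):
        fields[f"ip{i}"] = ip
    for name, rx in custom_patterns.items():
        m = rx.search(line)
        fields[name] = m.group(name) if m else None
    return fields


def validate_pattern(rx, logs):
    """Mirror the 'Validate' link: return the indexes of the log lines the
    pattern does NOT match, so the prefix/suffix can be adjusted before the
    pattern is saved."""
    return [i for i, line in enumerate(logs) if rx.search(line) is None]


if __name__ == "__main__":
    filename_rx = build_pattern("filename", suffix=".txt")
    for line in SAMPLE_LOGS:
        print(parse_line(line, {"filename": filename_rx}))
    # The fourth line ends in ".log", so validation flags index 3.
    print("lines without a match:", validate_pattern(filename_rx, SAMPLE_LOGS))
```

The point of the validation step is visible in the last sample line: a pattern built from a ".txt" suffix silently misses a log whose filename ends in ".log", so checking the pattern against every imported line before saving it is what keeps the new field from being populated for only part of the log file.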

With this feature, you can gain meaningful insights from your custom logs as well.