Overview
Processors are fundamental components in log processing pipelines that perform specific operations on log data. They are responsible for transforming, enriching, and manipulating log entries as they flow through the system. Each processor is designed to handle a specific type of operation, from simple field modifications to complex data transformations.
๐ง AIโ
AI processors harness the power of artificial intelligence APIs for sophisticated content analysis and processing. These processors utilize various AI services to perform advanced text analysis, classification, and generation tasks. They enable intelligent processing of content, making it possible to extract insights and meaning from complex data.
๐ญ Anthropic
Processes content with Anthropic's Claude API
โก Azure OpenAI
Processes content with Azure OpenAI API
๐ OpenAI
Uses OpenAI's API for content analysis
๐น Analyticsโ
Analytics processors gather and manipulate data to render the data points suitable for metrics and analyses. They select the data points that reveal critical information about the generators of data, and process them to make the relevant information contained in them more visible.
๐ Confidence
Calculates confidence scores from scoring data with multiple normalization methods
๐ Debug
Logs debugging information
๐ Dynamic Sample
Adjusts sampling rates
๐ฒ Sample
Reduces data volume by sampling
๐ฏ Score
Evaluates and scores data against configurable rules for pattern recognition and classification
๐ Suppress
Suppresses duplicate events within a sliding time window using a key expression.
๐งฎ Arithmeticโ
Arithmetic processors perform mathematical operations and calculations on numeric field values within log data. They support basic mathematical functions like addition, subtraction, multiplication, and division, as well as more complex operations such as calculating percentages, averages, and statistical computations. These processors enable quantitative analysis of log data by transforming raw numbers into meaningful metrics and derived values.
๐ Abs
Absolute value of a field
โ Add
Adds numeric values
๐ผ Ceil
Rounds numbers up
๐ข Checksum
Calculates cryptographic and non-cryptographic checksums of field values
โ Divide
Divides values
๐ฝ Floor
Rounds numbers down
๐ต Math
Performs mathematical operations
๐ผ Max
Calculates the maximum value
๐ฝ Min
Calculates the minimum value
๐ Modulo
Calculates the remainder
โ๏ธ Multiply
Multiplies two numeric values
๐ข Ordinal
Converts numbers to ordinal format in multiple languages
โก Power
Raises a numeric value to a power
๐ Round
Rounds numeric values
โ Sqrt
Calculates the square root
โ Subtract
Subtracts numeric values
๐ Flow Controlโ
Flow Control processors manage the execution paths and logic within processing pipelines. They direct how documents move through the system, handle conditional processing, filtering, and organize pipeline structure. These processors are essential for creating sophisticated processing logic and maintaining efficient pipeline organization.
โ Break
Halts execution of remaining processors in the current pipeline chain and forwards the log entry to its target
๐ Case
Conditional field assignment using case-when logic
๐ Check Schema
Validates event data against ASIM or OCSF schema definitions
โก Commit
Finalizes staged routes from reroute processor
โก๏ธ Continue
Continues to the next processor in the pipeline chain
๐ Contains
Checks the presence of a value
๐ Date Index
Generates time-based index names
๐ฆ Discard
Removes staged routes from pipeline processing flow
๐ซ Drop
Conditionally stops processing a document
โ Fail
Raises failures when conditions are met
๐ Final
Terminates a pipeline
๐ Foreach
Applies processors to arrays
๐ฏ Go To
Jumps to specific points in the processing pipeline
๐ฆ Group
Groups multiple processors together for conditional execution and organization
โ IFF
Conditional field assignment processor
๐ Matches
Tests a field value against a text pattern or regular expression
๐ Pipeline
Executes another pipeline
โ Recover
Terminates the pipeline successfully, ignoring any previous errors
๐ฏ Regex Filter
Filters events using regexes
โคด๏ธ Return
Finalizes processing and prevents further pipeline execution
๐ Reroute
Directs logs to specific destinations
๐ Script
Executes scripts
๐ฏ Select
Extracts a specific element from arrays by position
โ๏ธ Slice
Extracts a portion of an array field
โ๏ธ Take
Extracts a specified number of characters or elements from strings and arrays
โ Date and Timeโ
Date and Time processors handle temporal data operations including parsing, formatting, and manipulating date and time values. They convert between different date formats, extract time components, calculate time differences, and manage timezone conversions. These processors are essential for standardizing temporal data and performing time-based analysis on log entries.
๐ Date
Parses dates from date fields
โฑ๏ธ Duration
Converts durations to seconds
โฐ Time Shift
Shifts timestamps by specified amounts with timezone conversion
โธ๏ธ Wait
Introduces a time delay
๐ Enrichโ
Enrichment processors enhance log data by incorporating additional context and information from external sources. They add value to existing data by integrating geographical information, performing DNS lookups, and adding domain intelligence. These processors connect with external databases and services to provide comprehensive context to your log data, making it more valuable for analysis and understanding.
๐ AAD Error Code
Converts Azure Active Directory error codes to human-readable descriptions
๐ Attachment
Extracts content and metadata
โญ Circle
Converts circles to polygons
๐ DNS Lookup
Performs and caches DNS lookups
๐ Error Code
Decodes Windows system error codes into human-readable descriptions
๐ Enrich
Enriches documents using lookup tables and SQL queries
๐ Geo Grid
Converts geo-grid definitions to shapes
๐บ๏ธ Geo IP
Adds geographic information
๐ Lookup
Enriches documents using lookup tables
๐ Registered Domain
Extracts domain components
โ๏ธ Snowflake
Generates a unique Snowflake ID
๐ง Data Manipulationโ
Data Manipulation processors modify existing data fields and values to ensure proper formatting and structure. They handle tasks such as appending values, converting data types, managing field structures, string manipulation, and data transformation. These processors are fundamental for maintaining data consistency and preparing information for further processing or analysis.
โ Append
Appends values to fields
๐ Bag Pack
Creates a map (bag) from key-value pairs with template support
๐ Bytes
Expresses values in bytes
๐ช Camel Case
Converts strings to camelCase format
๐งน Clean
Removes unwanted characters from string fields with configurable cleaning modes
๐ Coalesce
Returns the first non-null, non-empty value from a list of fields
๐ฏ Compact
Removes empty fields from documents
๐ Convert
Converts values between types
๐ณ Dot Expander
Expands dot notation field names into nested object structures
๐ Dot Nester
Flattens nested objects into dot notation fields
๐ Dot Case
Converts strings to dot.case format
๐ Enforce Schema
Validates and enforces data schemas on log entries
๐ Expand Range
Expands range expressions into arrays of individual values
๐ Gsub
Regular expression-based replacement
�๐ join-kv
Converts key-value pairs to a string
๐ Join
Combines array elements
โ Keep
Keeps only specified fields
๐ Kebab Case
Converts strings to kebab-case format
๐๏ธ Minify
Minifies XML, JSON, and HTML content for performance optimization
๐ฆ Move
Changes field locations
๐จ Normalize
Converts field names between formats
๐ Pascal Case
Converts strings to PascalCase format
๐ Print
Creates formatted strings using template values and field references
๐๏ธ Remove
Removes fields
๐ท๏ธ Rename
Renames fields
๐ Replace
Performs string replacement operations with case-sensitive and case-insensitive options
๐ฆ Serialize
Converts structured data to serialized formats like JSON, XML, CSV, and TSV
โ๏ธ Set
Sets the value of a field
๐ Snake Case
Converts strings to snake_case format
๐ Sort
Sorts values in a field
โ Split
Split a string on a separator
๐ฉ Title Case
Converts strings to Title Case format
๐ Decodeโ
Decode processors specialize in decoding and decrypting encoded data formats. They handle operations like JWT token decoding, ACL information extraction, hexadecimal to ASCII conversion, and other specialized decoding tasks. These processors are essential for converting encoded or encrypted data into readable formats for further processing.
๐ ACL Decode
Extracts and decodes Access Control List (ACL) information from fields
๐ Base64 Decode
Decodes base64-encoded strings to UTF-8 text
๐ Base64 Encode
Encodes string values to Base64 standard encoding format
๐ข Binary Decode
Decodes binary strings (e.g., "01000001") to ASCII (e.g., "A")
๐จ Color Decode
Processes and converts between different color format representations
๐ข Hex Decode
Decodes hexadecimal strings to ASCII representation
๐ JWT Decode
Decodes JSON Web Tokens into header, claims, and signature components
๐๏ธ Kerberos Decode
Extracts and decodes Kerberos ticket information
๐ SID Decode
Extracts and decodes Windows Security Identifier (SID) information
๐ URL Decode
Decodes URL-encoded strings
๐ Zlib Compress
Compresses string data using zlib compression and encodes to base64
๐ Zlib Decompress
Decompresses zlib-compressed base64-encoded strings
๐ง Networkingโ
Networking processors handle network-related data operations and communications. They perform network protocol analysis, manage IP address operations, conduct DNS lookups, and handle network connectivity tasks. These processors are vital for processing network logs, analyzing network traffic patterns, and enriching data with network intelligence.
๐ Community ID
Computes a community ID hash
๐ DNS Query Type
Converts DNS query type numbers to human-readable names
๐ก DNS Response Code
Converts DNS response code numbers to human-readable names
๐ HTTP Status
Converts HTTP status codes to human-readable status names
๐ก ICMP Type
Converts ICMP type codes to human-readable type names
๐ IP Type
Determines IP address type (IPv4/IPv6) and network classification (Public/Private)
๐ Network Direction
Determines network traffic direction
๐ Network Split
Splits a host:port address string into separate IP and port fields
๐ Network Protocol
Converts network protocol numbers to human-readable protocol names
๐ Notificationโ
Notification processors send alerts and notifications to external services when specific conditions are detected in the data pipeline. They integrate with incident management platforms, messaging services, and collaboration tools to enable real-time alerting on schema drift, validation failures, and other pipeline events.
๐ Microsoft Teams
Sends alert notifications to Microsoft Teams via webhook
๐ PagerDuty
Sends incident alerts to PagerDuty via Events API v2
๐ ServiceNow
Creates and updates incidents in ServiceNow
๐ Slack
Sends alert notifications to Slack via webhook
๐ Telegram
Sends alert notifications to Telegram via Bot API
๐ Parseโ
Parsing processors transform raw data into structured formats by extracting meaningful information from various input types. They handle multiple data formats and message types, converting them into structured data. These processors excel at converting unstructured or semi-structured data into well-organized, usable formats by applying patterns and rules to extract relevant fields.
๐จ CEF
Parses CEF messages
๐ Concat
Concatenates values from multiple fields into a single string
๐ CSV
Parses CSV data
๐พ Data Size
Parses human-readable data sizes (e.g., "1kb") to byte values
๐ช Dissect
Parses data using pre-defined patterns
๐ท๏ธ FQDN
Parses and extracts components from fully qualified domain names and hostnames
๐ฏ Grok
Extracts fields with patterns
๐งน HTML Strip
Removes HTML tags
๐ JSON
Parses JSON data
๐งฉ KV
Extracts key-values pairs
๐ฉ LEEF
Parses LEEF messages
๐ถ Level
Extracts log levels from messages
๐งฉ Pattern
Extracts structured patterns from log messages
๐งฉ Regex Extract
Extracts fields with named capture groups
๐ Regex Replace
Replaces text patterns using regular expressions
๐ Syslog
Parses syslog messages
๐ TSV
Parses TSV data
๐ Unix Permission
Extracts and decodes Unix file permission information
๐ URI Parts
Parses URI strings into fields
๐ค User Agent
Parses agent strings
๐ XML
Parses XML into maps
๐ก๏ธ Securityโ
Security processors focus on protecting sensitive information and managing data security. They implement encryption and decryption operations, generate document signatures, and handle data masking and redaction. These processors ensure that sensitive information is properly protected while maintaining the utility of the data for analysis.
๐ Community ID
Computes a community ID hash
๐ Decrypt
Removes AES encryption from a field
๐ Encrypt
Encrypts string values using AES encryption with optional compression
๐ Fingerprint
Generates hashes to sign documents
๐ญ Mask
Masks sensitive data with hashes
๐ก๏ธ Microsoft Defender Create
Creates custom alerts in Microsoft Defender for Endpoint
๐ก๏ธ Microsoft Defender Get
Retrieves alert details from Microsoft Defender for Endpoint
๐ก๏ธ Microsoft Defender Update
Updates alerts in Microsoft Defender for Endpoint
๐ก๏ธ Microsoft Graph Get
Retrieves security alerts or incidents from Microsoft Graph Security API
๐ก๏ธ Microsoft Graph Update
Updates alerts and incidents in Microsoft Defender and Sentinel using Microsoft Graph API
โฌ Redact
Masks sensitive data
๐ค Username Type
Identifies and classifies username formats according to ASIM standards
๐ช Windows User Type
Classifies Windows user accounts based on username and SID patterns according to ASIM standards
๐ Text Processingโ
Text Processing processors specialize in advanced text manipulation and analysis operations beyond basic string handling. They perform sophisticated text operations such as natural language processing, text classification, sentiment analysis, and complex string transformations. These processors are designed to extract meaningful insights from textual content and perform advanced linguistic operations on text fields within log data.
๐ค Capitalize
Capitalizes the first letter of strings while making the rest lowercase
๐ญ Comment
Adds an explanatory comment
๐ Humanize
Converts numbers to human-readable format with metric prefixes
โฌ ๏ธ Keep First
Keeps first N characters of strings or N elements of arrays
โก๏ธ Keep Last
Keeps last N characters of strings or N elements of arrays
โฌ๏ธ Lowercase
Converts strings to lowercase
๐ฒ Random String
Generates random strings with specified length and character sets
โ๏ธ Substring
Extracts substrings from string fields
๐ Text Wrap
Wraps text to specified widths by inserting line breaks
โ๏ธ Trim First
Removes characters or keywords from the beginning of strings
โ๏ธ Trim Last
Removes characters or keywords from the end of strings
โ๏ธ Trim
Removes spaces from the head and tail
โฌ๏ธ Uppercase
Converts strings to uppercase
๐ต๏ธ Threat Intelligenceโ
Threat Intelligence processors integrate with external security services to provide context about potential security threats. They connect with various threat intelligence providers to retrieve and incorporate security data. These processors are crucial for security analysis and threat detection, providing real-time intelligence about potential security risks.
๐ฝ AlienVault
Retrieves threat intelligence from AlienVault
โ๏ธ Cloudflare Intel
Retrieves intelligence from Cloudflare's API
๐ CPID
Generates a Common Process ID
๐ IP Quality Score
Enriches data with IP Quality Score
๐ก๏ธ VirusTotal
Enriches data with VirusTotal threat intelligence