Default Parsing

Logz.io automatically parses logs shipped from many platforms, services, containers, servers, and more.

The shipping configuration includes a log type parameter that determines which pipeline is used to parse the data. In OpenSearch Dashboards, it is indicated by a field named type.

Logz.io offers many pre-built parsing pipelines for a large number of log sources, as shown below. If you need a new pipeline created or want a customized version of an existing pipeline, contact Logz.io Support. Parsing-as-a-service is included in your package and we're happy to offer it.

Tip: You can replace the @timestamp field, which is the Time column in your Log analytics discover view, by sending it in a different format. The available formats are: ISO8601 - 2023-05-21T12:45:10+00:00, UNIX - 1684662310, and UNIX_MS - 1684673200471.

Built-in log types

This table shows the log types that Logz.io parses automatically.

| Description | Type | Prebuilt parsing pipeline unless marked |
|---|---|---|
| Alcide kAudit | alcide-kaudit | ✖️ Auto-parsed as part of platform integration. |
| Apache access | apache, apache_access, apache-access | |
| Auditd | auditd | |
| Avast | avast | |
| AWS CloudFront | cloudfront | |
| AWS CloudTrail | cloudtrail | |
| AWS ELB | elb | |
| AWS Fargate | fargate | ✖️ Auto-parsed as part of platform integration. |
| AWS GuardDuty | guardduty | |
| AWS Route 53 | route_53 | |
| AWS S3 access | S3Access | |
| AWS VPC Flow | vpcflow | |
| AWS WAF | awswaf | ✖️ Auto-parsed as part of platform integration. |
| Checkpoint | checkpoint | |
| Cisco ASA | cisco-asa | |
| Cisco Meraki | cisco-meraki | |
| Collectl tab | collectl-tab | |
| Crowdstrike | crowdstrike | |
| Docker | docker_logs | |
| Docker Collector Logs | docker-collector-logs | |
| Elasticsearch | elasticsearch | |
| ESET | eset | |
| EventHub | eventHub | |
| Fail2ban | fail2ban | |
| Falco | falco | |
| Fargate | fargate | ✖️ Auto-parsed as part of platform integration. |
| Fortigate | fortigate | |
| GitHub | github | ✖️ Auto-parsed as part of platform integration. |
| GPFS | gpfs | |
| HAProxy Load Balancer | haproxy | |
| Jenkins | jenkins | |
| Juniper | juniper | |
| Kafka | kafka_server | |
| Kubernetes | k8s | ✖️ Auto-parsed as part of platform integration. |
| Mcafee EPO | mcafee_epo | |
| Microsoft IIS | iis | |
| ModSecurity | modsecurity | ✖️ Auto-parsed as part of platform integration. |
| MongoDB | mongodb | |
| Monit | monit | |
| MySQL | mysql | |
| MySQL error | mysql_error | |
| MySQL monitor | mysql_monitor | |
| MySQL slow query | mysql_slow_query | |
| Nagios | nagios | |
| NGINX access | nginx, nginx_access, nginx-access | |
| NGINX error | nginx-error | |
| NGINX error | nginx_error | |
| o365 | o365 | |
| OpenVAS | openvas | |
| OpenVPN | openvpn | |
| OSSEC | ossec | |
| Trend Micro | trendmicro_deep | |
| Palo Alto Networks | paloalto | |
| Performance-tab | performance-tab | |
| pfSense | pfsense | |
| Sentinel One | sentinel_one | |
| Sonicwall | sonicwall | |
| Sophos Intercept X | sophos-ep | ✖️ Auto-parsed as part of platform integration. |
| Stormshield | stormshield | |
| Sysmon | wineventlog | |
| Windows WinEventLog | wineventlog | |
| Zeek | zeek | |
| Zipkin span | zipkinSpan | |