Default parsing

Logz.io automatically parses logs shipped from many platforms, services, containers, servers, and more.

The shipping configuration includes a log type parameter that determines which pipeline is used to parse the data. In Kibana, it is indicated by a field named type.

Logz.io offers many pre-built parsing pipelines for a large number of log sources, as shown below. If you need a new pipeline created or want a customized version of an existing pipeline, contact Logz.io Support. Parsing-as-a-service is included in your package and we’re happy to offer it.

Built-in log types

This table shows the log types that Logz.io parses automatically.

Description	Type	Prebuilt parsing pipeline unless marked
Alcide kAudit	alcide-kaudit	✖️ Auto-parsed as part of platform integration.
Apache access	apache, apache_access, apache-access	✔
Auditd	auditd	✔
AWS CloudFront	cloudfront	✔
AWS CloudTrail	cloudtrail	✔
AWS ELB	elb	✔
AWS Fargate	fargate	✖️ Auto-parsed as part of platform integration.
AWS GuardDuty	guardduty	✔
AWS Route 53	route_53	✔
AWS S3 access	S3Access	✔
AWS VPC Flow	vpcflow	✔
AWS WAF	awswaf	✖️ Auto-parsed as part of platform integration.
Checkpoint	checkpoint	✔
Cisco ASA	cisco-asa	✔
Cisco Meraki	cisco-meraki	✔
Crowdstrike	crowdstrike	✔
Docker	docker_logs	✔
Docker Collector Logs	docker-collector-logs	✔
Elasticsearch	elasticsearch	✔
Fail2ban	fail2ban	✔
Falco	falco	✔
Fargate	fargate	✖️ Auto-parsed as part of platform integration.
Fortigate	fortigate	✔
GitHub	github	✖️ Auto-parsed as part of platform integration.
GPFS	gpfs	✔
HAProxy Load Balancer	haproxy	✔
Jenkins	jenkins	✔
Juniper	juniper	✔
Kafka	kafka_server	✔
Kubernetes	k8s	✖️ Auto-parsed as part of platform integration.
Mcafee EPO	mcafee_epo	✔
Microsoft IIS	iis	✔
ModSecurity	modsecurity	✖️ Auto-parsed as part of platform integration.
MongoDB	mongodb	✔
Monit	monit	✔
MySQL	mysql	✔
MySQL error	mysql_error	✔
MySQL monitor	mysql_monitor	✔
MySQL slow query	mysql_slow_query	✔
Nagios	nagios	✔
NGINX access	nginx, nginx_access, nginx-access	✔
NGINX error	nginx-error	✔
OpenVAS	openvas	✔
OSSEC	ossec	✔
Trend Micro	trendmicro_deep	✔
Palo Alto Networks	paloalto	✔
Performance-tab	performance-tab	✔
Sonicwall	sonicwall	✔
Sophos Intercept X	sophos-ep	✖️ Auto-parsed as part of platform integration.
Stormshield	stormshield	✔
Sysmon	wineventlog	✔
Windows WinEventLog	wineventlog	✔
Zeek	zeek	✔
Zipkin span	zipkinSpan	✔