Match groups
A match group (match-group) is a set of patterns that are used for parsing or modifying one or more types of events.
A matcher is an entity within a match group that is parsed (for example, EventName) and is paired with the appropriate pattern and group for parsing. Any number of match groups can appear in the extension document.
| Parameter | Description |
|---|---|
| | An integer greater than zero that defines the order in which the match groups are executed. It must be unique within the extension document. |
| | A description for the match group, which can be any string. This information can appear in the logs. If not specified, this parameter defaults to empty. |
| | Define a different device ID to override the QID. Allows the particular match group to search in the specified device for the event type. It must be a valid log source type ID, represented as an integer. If not specified, this parameter defaults to the log source type of the log source to which the extension is attached. |
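
A pre-deployment check for the constraints in the parameter table above, as an added example that is not part of the product documentation. It assumes each match group is a `match-group` XML element whose parameters are the attributes `order`, `description` and `device-type-id-override`, and that a missing `order` is an error; the root element, namespace and sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample extension document. Attribute names, root element and
# namespace are assumptions; groups 2, 3 and 4 are deliberately invalid.
SAMPLE = """<device-extension xmlns="event_parsing/device_extension">
  <match-group order="1" description="Firewall accepts"/>
  <match-group order="1" device-type-id-override="abc"/>
  <match-group order="0"/>
  <match-group description="no order given"/>
</device-extension>"""


def local(tag):
    """Strip an XML namespace prefix of the form {uri}name."""
    return tag.rsplit("}", 1)[-1]


def as_int(value):
    """Return value as an int if it is a plain ASCII decimal, else None."""
    if value is not None and value.isascii() and value.isdigit():
        return int(value)
    return None


def lint_match_groups(xml_text):
    """Return (group_index, problem) tuples for every rule violation."""
    problems, seen = [], {}
    root = ET.fromstring(xml_text)
    groups = [e for e in root.iter() if local(e.tag) == "match-group"]
    for idx, group in enumerate(groups, start=1):
        order = as_int(group.get("order"))
        if order is None or order <= 0:  # missing order treated as an error (assumption)
            problems.append((idx, "order must be an integer greater than zero"))
        elif order in seen:
            problems.append((idx, f"order {order} already used by group {seen[order]}"))
        else:
            seen[order] = idx
        override = group.get("device-type-id-override")
        if override is not None and as_int(override) is None:
            problems.append((idx, "device-type-id-override must be an integer"))
    return problems


if __name__ == "__main__":
    for idx, problem in lint_match_groups(SAMPLE):
        print(f"match-group #{idx}: {problem}")
```

The check confirms only that an override is an integer; whether it is a valid log source type ID has to be verified against the deployment itself.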
Match groups can have these entities: