Adding a log source parsing order (UP15 and later)

You can assign a priority order for when the events are parsed by the target event collector.

About this task

You can order the importance of the log sources by defining the parsing order for log sources that share a common IP address or host name. Defining the parsing order for log sources ensures that certain log sources are parsed in a specific order, regardless of changes to the log source configuration. The parsing order ensures that system performance is not affected by changes to log source configuration by preventing unnecessary parsing. The parsing order ensures that low-level event sources are not parsed for events before more important log source.

Procedure

For UP15, if you access parsing order through the Admin tab, you are redirected to the Log Source Management App. The parsing order is now configured in the Log Source Management App.

  1. Click the Log Source tab.
  2. Select a log source.
  3. Click View.
  4. Click Protocol tab. A configuration icon (⚙️) will be visible beside each identifier. This icon will be enabled only if parsing order can be configured for that specific identifier.
  5. Click the configuration icon (⚙️) to configure the parsing order.
  6. Prioritize the log source parsing order.
  7. Click Save.