Processors: Categorized

Processors are fundamental components in log processing pipelines that perform specific operations on log data. They are responsible for transforming, enriching, and manipulating log entries as they flow through the system. Each processor is designed to handle a specific type of operation, from simple field modifications to complex data transformations.

🧠 AI

AI processors harness the power of artificial intelligence APIs for sophisticated content analysis and processing. These processors utilize various AI services to perform advanced text analysis, classification, and generation tasks. They enable intelligent processing of content, making it possible to extract insights and meaning from complex data.

🎭 Anthropic

Processes content with Anthropic's Claude API

⚡ Azure OpenAI

Processes content with Azure OpenAI API

🌟 OpenAI

Uses OpenAI's API for content analysis

💹 Analytics

Analytics processors gather and manipulate data to render the data points suitable for metrics and analyses. They select the data points that reveal critical information about the generators of data, and process them to make the relevant information contained in them more visible.

📊 Confidence

Calculates confidence scores from scoring data with multiple normalization methods

🔍 Debug

Logs debugging information

📊 Dynamic Sample

Adjusts sampling rates

🎲 Sample

Reduces data volume by sampling

🎯 Score

Evaluates and scores data against configurable rules for pattern recognition and classification

🧮 Arithmetic

Arithmetic processors perform mathematical operations and calculations on numeric field values within log data. They support basic mathematical functions like addition, subtraction, multiplication, and division, as well as more complex operations such as calculating percentages, averages, and statistical computations. These processors enable quantitative analysis of log data by transforming raw numbers into meaningful metrics and derived values.

📊 Abs

Absolute value of a field

➕ Add

Adds numeric values

🔼 Ceil

Rounds numbers up

➗ Divide

Divides values

🔽 Floor

Rounds numbers down

📵 Math

Performs mathematical operations

🔼 Max

Calculates the maximum value

🔽 Min

Calculates the minimum value

🔄 Modulo

Calculates the remainder

✖️ Multiply

Multiplies two numeric values

⚡ Power

Raises a numeric value to a power

🔄 Round

Rounds numeric values

√ Sqrt

Calculates the square root

➖ Subtract

Subtracts numeric values

⚙️ Control Flow

Control Flow processors manage the execution paths and logic within processing pipelines. They direct how documents move through the system, handle conditional processing, and organize pipeline structure. These processors are essential for creating sophisticated processing logic and maintaining efficient pipeline organization.

🔀 Case

Conditional field assignment using case-when logic

🔍 Contains

Checks the presence of a value

📅 Date Index

Generates time-based index names

❌ Fail

Raises failures when conditions are met

🏁 Final

Terminates a pipeline

🔄 Foreach

Applies processors to arrays

📦 Group

Groups multiple processors together for conditional execution and organization

❓ IFF

Conditional field assignment processor

🔁 Pipeline

Executes another pipeline

🔀 Reroute

Directs logs to specific destinations

📜 Script

Executes scripts

⌚ Date and Time

Date and Time processors handle temporal data operations including parsing, formatting, and manipulating date and time values. They convert between different date formats, extract time components, calculate time differences, and manage timezone conversions. These processors are essential for standardizing temporal data and performing time-based analysis on log entries.

📅 Date

Parses dates from date fields

⏱️ Duration

Converts durations to seconds

⏸️ Wait

Introduces a time delay

💠 Enrich

Enrichment processors enhance log data by incorporating additional context and information from external sources. They add value to existing data by integrating geographical information, performing DNS lookups, and adding domain intelligence. These processors connect with external databases and services to provide comprehensive context to your log data, making it more valuable for analysis and understanding.

🔑 AAD Error Code

Converts Azure Active Directory error codes to human-readable descriptions

📎 Attachment

Extracts content and metadata

⭕ Circle

Converts circles to polygons

🔍 DNS Lookup

Performs and caches DNS lookups

💠 Enrich

Enriches documents using lookup tables and SQL queries

🌐 Geo Grid

Converts geo-grid definitions to shapes

🗺️ Geo IP

Adds geographic information

📖 Lookup

Enriches documents using lookup tables

🌍 Registered Domain

Extracts domain components

❄️ Snowflake

Generates a unique Snowflake ID

🎯 Filter

Filter processors selectively process or exclude data based on specific criteria. They help maintain data quality by removing unwanted information, applying pattern matching for selection, and standardizing content. These processors are crucial for ensuring that only relevant data continues through the pipeline, improving processing efficiency and data clarity.

🚫 Drop

Conditionally stops processing a document

🎯 Regex Filter

Filters events using regexes

🎯 Select

Extracts a specific element from arrays by position

✂️ Slice

Extracts a portion of an array field

✂️ Take

Extracts a specified number of characters or elements from strings and arrays

✏️ Mutate

Mutation processors modify existing data fields and values to ensure proper formatting and structure. They handle tasks such as appending values, converting data types, managing dates, and manipulating strings. These processors are fundamental for maintaining data consistency and preparing information for further processing or analysis.

➕ Append

Appends values to fields

📏 Bytes

Expresses values in bytes

🧹 Clean

Removes unwanted characters from string fields with configurable cleaning modes

🔑 Community ID

Computes a community ID hash

🎯 Compact

Removes empty fields from documents

🔄 Convert

Converts values between types

🔄 Gsub

Regular expression-based replacement

🔗 Join KV

Converts key-value pairs to a string

✅ Keep

Keeps only specified fields

🗜️ Minify

Minifies XML, JSON, and HTML content for performance optimization

🗑️ Remove

Removes fields

🏷️ Rename

Renames fields

📦 Serialize

Converts structured data to serialized formats like JSON, XML, CSV, and TSV

✏️ Set

Sets the value of a field

🔀 Sort

Sorts values in a field

➗ Split

Split a string on a separator

🖧 Networking

Networking processors handle network-related data operations and communications. They perform network protocol analysis, manage IP address operations, conduct DNS lookups, and handle network connectivity tasks. These processors are vital for processing network logs, analyzing network traffic patterns, and enriching data with network intelligence.

🌐 DNS Query Type

Converts DNS query type numbers to human-readable names

📡 DNS Response Code

Converts DNS response code numbers to human-readable names

🌐 HTTP Status

Converts HTTP status codes to human-readable status names

📡 ICMP Type

Converts ICMP type codes to human-readable type names

🌍 IP Type

Determines IP address type (IPv4/IPv6) and network classification (Public/Private)

🔌 Network Direction

Determines network traffic direction

🌐 Network Protocol

Converts network protocol numbers to human-readable protocol names

📋 Parse

Parsing processors transform raw data into structured formats by extracting meaningful information from various input types. They handle multiple data formats and message types, converting them into structured data. These processors excel at converting unstructured or semi-structured data into well-organized, usable formats by applying patterns and rules to extract relevant fields.

📨 CEF

Parses CEF messages

🔗 Concat

Concatenates values from multiple fields into a single string

📄 CSV

Parses CSV data

🔪 Dissect

Parses data using pre-defined patterns

🏷️ FQDN

Parses and extracts components from fully qualified domain names and hostnames

🎯 Grok

Extracts fields with patterns

🧹 HTML Strip

Removes HTML tags

📄 JSON

Parses JSON data

🧩 KV Pair

Extracts key-values pairs

📩 LEEF

Parses LEEF messages

📶 Level

Extracts log levels from messages

🧩 Pattern

Extracts structured patterns from log messages

🧩 Regex Extract

Extracts fields with named capture groups

🔄 Regex Replace

Replaces text patterns using regular expressions

📝 Syslog

Parses syslog messages

🔗 URI Parts

Parses URI strings into fields

🔓 URL Decode

Decodes URL-encoded strings

🤖 User Agent

Parses agent strings

📑 XML

Parses XML into maps

🛡️ Security

Security processors focus on protecting sensitive information and managing data security. They implement encryption and decryption operations, generate document signatures, and handle data masking and redaction. These processors ensure that sensitive information is properly protected while maintaining the utility of the data for analysis.

🔓 Decrypt

Removes AES encryption from a field

🔒 Encrypt

Encrypts string values using AES encryption with optional compression

🔑 Fingerprint

Generates hashes to sign documents

🎭 Mask

Masks sensitive data with hashes

⬛ Redact

Masks sensitive data

👤 Username Type

Identifies and classifies username formats according to ASIM standards

🪟 Windows User Type

Classifies Windows user accounts based on username and SID patterns according to ASIM standards

📝 Text Processing

Text Processing processors specialize in advanced text manipulation and analysis operations beyond basic string handling. They perform sophisticated text operations such as natural language processing, text classification, sentiment analysis, and complex string transformations. These processors are designed to extract meaningful insights from textual content and perform advanced linguistic operations on text fields within log data.

🔤 Capitalize

Capitalizes the first letter of strings while making the rest lowercase

💭 Comment

Adds an explanatory comment

⬇️ Lowercase

Converts strings to lowercase

✂️ Trim First

Removes characters or keywords from the beginning of strings

✂️ Trim Last

Removes characters or keywords from the end of strings

✂️ Trim

Removes spaces from the head and tail

⬆️ Uppercase

Converts strings to uppercase

🕵️ Threat Intelligence

Threat Intelligence processors integrate with external security services to provide context about potential security threats. They connect with various threat intelligence providers to retrieve and incorporate security data. These processors are crucial for security analysis and threat detection, providing real-time intelligence about potential security risks.

👽 AlienVault

Retrieves threat intelligence from AlienVault

☁️ Cloudflare Intel

Retrieves intelligence from Cloudflare's API

🆔 CPID

Generates a Common Process ID

📊 IP Quality Score

Enriches data with IP Quality Score

🛡️ VirusTotal

Enriches data with VirusTotal threat intelligence

🔄 Transform

Transform processors handle structural changes to data by modifying how information is organized and represented. They manage tasks like expanding and nesting field structures, combining elements, and normalizing field names. These processors are essential for ensuring data consistency and maintaining proper data structure throughout the processing pipeline.

🎒 Bag Pack

Creates a map (bag) from key-value pairs with template support

🔗 Coalesce

Returns the first non-null, non-empty value from a list of fields

🌳 Dot Expander

Expands dot notation field names into nested object structures

📎 Dot Nester

Flattens nested objects into dot notation fields

📋 Enforce Schema

Validates and enforces data schemas on log entries

🔗 Join

Combines array elements

📦 Move

Changes field locations

🔨 Normalize

Converts field names between formats

🔄 Protocol

Converts IANA numbers to protocol names