This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Looking for Guidance on JSON Log Parser Creation

Posted on 02-06-2025 01:51 AM
skadav
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Hi everyone,

I’m looking for a guide or best practices on creating parsers for JSON logs. If anyone has experience or resources to share, I’d appreciate your insights!

Thanks in advance.

1 3 127
Topic Labels
3 REPLIES 3

Posted on --/--/---- --:-- AM
sudeep_singh
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Hi @skadav ,

Can you share the smaple logs of what kind of Json logs you want to parse ?

0 Likes

Posted on --/--/---- --:-- AM
mikewilusz
Staff
Reply posted on --/--/---- --:-- AM

You may find one of my Medium posts useful: https://medium.com/@cloudymike/parsing-netflow-data-in-google-secops-2f1b0f58ea49

I walk through building a parser, from scratch, for a JSON log (Netflow in this example).

-mike

Posted on --/--/---- --:-- AM
t-martin
Staff
Reply posted on --/--/---- --:-- AM

@skadav SecOps just announced a public preview of auto-extraction for JSON logs. You may be able to utilize this feature for what you're trying to accomplish. Check out more details here:

https://cloud.google.com/chronicle/docs/event-processing/auto-extraction

 

Top Solution Authors
View all