The Devo Parser is one of the secret spices of our unique Hyperstream technology. Parsers organize the raw events stored in tags into columns and display them in the corresponding tables. This method completely bypasses data indexing and contributes to Devo’s amazing search speeds. Every data source is unique, so we have a great catalog of existing parsers. Our teams review parser performance, build new parsers, and update parsers on a regular basis. This article covers all the updated and new parsers available this month. If you require a new parser, please open a support ticket through the support portal located here. You can also visit the new Resources Portal, a single page for all your customer resources!

Updated Parsers

network.citrix

  • Fixes
    • Added a fix to parse user info from the logs:
      • network.citrix.adc.aaatm
      • network.citrix.adc.aaa

auth.all

  • Improvements
    • Updated mappings in auth.all union

firewall.barracuda

  • Fixes
    • Fixed parsing issue causing log data to be parsed in the wrong fields:
      • firewall.barracuda.threat

cloud.office365

  • Added
    • Added new field:
      • cloud.office365.management.quarantine

firewall.cisco

  • Improvements
    • Updated parsing rules to parse new log types:
      • firewall.cisco.asa

firewall.sophos

  • Improvements
    • Added new fields to firewall.all.traffic union and fixed rules in firewall.sophos.xgfirewall.firewall to parse tran_src_port and tran_dst_port:
      • firewall.sophos.xgfirewall.firewall
      • firewall.all.traffic

firewall.watchguard

  • Improvements
    • Added and fixed rules to parse newer types of logs:
      • firewall.watchguard.event

adn.f5

  • Improvements
    • Added rules to parse newer types of logs:
      • adn.f5.bigip.apm