Get Parser Factories

Get a list of parser factories.

HTTP Request

GET /api/sonar/parser-factories
Request using cURL
curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/parser-factories

Success Response

Below is an example of the parser factory list. The available parser types dynamically expand as you install a new app.

{
  "groups": ["Syslog", "General", "Script", "SNMP", "File"],
  "factories": [
    {
      "name": "cef",
      "display_name": "CEF",
      "display_group": "General",
      "description": "Parse CEF (Common Event Format) logs.",
      "options": [],
      "deprecated": false
    },
    {
      "name": "csv",
      "display_name": "CSV",
      "display_group": "General",
      "description": "Divide a string into tokens based on the csv format and column names.",
      "options": [
        {
          "type": "string",
          "subtype": null,
          "name": "use_tab",
          "required": false,
          "display_name": "Use tab",
          "description": "Use tab to delimiter. (true or false)",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "use_double_quote",
          "required": false,
          "display_name": "Double quote escape",
          "description": "Use double quote to escape. (true or false)",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "column_headers",
          "required": false,
          "display_name": "Column headers",
          "description": "Column headers",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "target_field",
          "required": false,
          "display_name": "Target field",
          "description": "Target field name",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "include_target",
          "required": false,
          "display_name": "Include target",
          "description": "Return also target field (true or false)",
          "default_value": null
        }
      ],
      "deprecated": false
    },
    {
      "name": "json",
      "display_name": "JSON",
      "display_group": "General",
      "description": "Parse JSON format.",
      "options": [
        {
          "type": "string",
          "subtype": null,
          "name": "target_field",
          "required": false,
          "display_name": "Target field",
          "description": "Target field name",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "include_target",
          "required": false,
          "display_name": "Include target",
          "description": "Return also target field (true or false)",
          "default_value": null
        }
      ],
      "deprecated": false
    },
    {
      "name": "leef",
      "display_name": "LEEF",
      "display_group": "Syslog",
      "description": "Parse LEEF logs.",
      "options": [],
      "deprecated": false
    },
    {
      "name": "welf",
      "display_name": "WELF Format",
      "display_group": "General",
      "description": "Parse WELF (WebTrends Enhanced Log Format) logs.",
      "options": [],
      "deprecated": false
    },
    {
      "name": "delimiter",
      "display_name": "Delimiter",
      "display_group": "General",
      "description": "Divide a string into tokens based on the given delimiter and column names.",
      "options": [
        {
          "type": "string",
          "subtype": null,
          "name": "delimiter",
          "required": true,
          "display_name": "Delimiter",
          "description": "One delimiter character or 4-digit unicode escape sequence (e.g. \\u0007)",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "column_headers",
          "required": false,
          "display_name": "Column headers",
          "description": "Separated by comma",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "delimiter_target",
          "required": false,
          "display_name": "Delimiter target field",
          "description": "Delimiter target field name",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "include_delimiter_target",
          "required": false,
          "display_name": "Include delimiter target",
          "description": "Return also delimiter target field (true or false)",
          "default_value": null
        }
      ],
      "deprecated": false
    },
    {
      "name": "groovy",
      "display_name": "Groovy",
      "display_group": "Script",
      "description": "Groovy parser script",
      "options": [
        {
          "type": "string",
          "subtype": null,
          "name": "script_name",
          "required": true,
          "display_name": "Script Name",
          "description": "Script file name except .groovy extension",
          "default_value": null
        }
      ],
      "deprecated": false
    },
    {
      "name": "regex",
      "display_name": "Regular Expression",
      "display_group": "General",
      "description": "Parse logs using regular expression.",
      "options": [
        {
          "type": "string",
          "subtype": null,
          "name": "regex",
          "required": true,
          "display_name": "Regex",
          "description": "Regular expression with placeholder.",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "field",
          "required": false,
          "display_name": "Target field",
          "description": "Parse target field. 'line' field by default.",
          "default_value": null
        },
        {
          "type": "string",
          "subtype": null,
          "name": "include_original_field",
          "required": false,
          "display_name": "Include original field",
          "description": "Include original field",
          "default_value": null
        }
      ],
      "deprecated": false
    },
    {
      "name": "query",
      "display_name": "Query based parser",
      "display_group": "General",
      "description": "Parse logs using query.",
      "options": [
        {
          "type": "string",
          "subtype": null,
          "name": "query",
          "required": true,
          "display_name": "Query string",
          "description": "Query string for log parsing",
          "default_value": null
        }
      ],
      "deprecated": false
    }
  ]
}
  • groups (Array): List of parser group names
  • factories (Array): List of parser factories
    • name (String): Parser factory name
    • display_name (String): Display name of the parser factory
    • display_group (String): Display group of parser factory
    • description (String): Parser factory description
    • options (Array): Option details
      • type (String): Data type. one of the following: string, integer, boolean.
      • subtype (String): Extension component type in the UI
      • name (String): Configuration option key name
      • required (Boolean): Whether the option is required or not
      • display_name (String): Display name in locale language
      • description (String): Description in locale language
      • default_value (String): Default value to display on screen
    • deprecated (Boolean): Whether to be deprecated or not. If a parser factory was set to "deprecated" in a previous version, it is only available with the existing settings and cannot be modified.