Processors: Categorized

Processors are fundamental components in log processing pipelines that perform specific operations on log data. They are responsible for transforming, enriching, and manipulating log entries as they flow through the system. Each processor is designed to handle a specific type of operation, from simple field modifications to complex data transformations.

🧠 AI

AI processors harness the power of artificial intelligence APIs for sophisticated content analysis and processing. These processors utilize various AI services to perform advanced text analysis, classification, and generation tasks. They enable intelligent processing of content, making it possible to extract insights and meaning from complex data.

🎭 Anthropic

Processes content with Anthropic's Claude API

⚡ Azure OpenAI

Processes content with Azure OpenAI API

🌟 OpenAI

Uses OpenAI's API for content analysis

💹 Analytics

Analytics processors gather and manipulate data to render the data points suitable for metrics and analyses. They select the data points that reveal critical information about the generators of data, and process them to make the relevant information contained in them more visible.

📊 Confidence

Calculates confidence scores from scoring data with multiple normalization methods

🔍 Debug

Logs debugging information

📊 Dynamic Sample

Adjusts sampling rates

🎲 Sample

Reduces data volume by sampling

🎯 Score

Evaluates and scores data against configurable rules for pattern recognition and classification

🧮 Arithmetic

Arithmetic processors perform mathematical operations and calculations on numeric field values within log data. They support basic mathematical functions like addition, subtraction, multiplication, and division, as well as more complex operations such as calculating percentages, averages, and statistical computations. These processors enable quantitative analysis of log data by transforming raw numbers into meaningful metrics and derived values.

📊 Abs

Absolute value of a field

➕ Add

Adds numeric values

🔼 Ceil

Rounds numbers up

🔢 Checksum

Calculates cryptographic and non-cryptographic checksums of field values

➗ Divide

Divides values

🔽 Floor

Rounds numbers down

📵 Math

Performs mathematical operations

🔼 Max

Calculates the maximum value

🔽 Min

Calculates the minimum value

🔄 Modulo

Calculates the remainder

✖️ Multiply

Multiplies two numeric values

🔢 Ordinal

Converts numbers to ordinal format in multiple languages

⚡ Power

Raises a numeric value to a power

🔄 Round

Rounds numeric values

√ Sqrt

Calculates the square root

➖ Subtract

Subtracts numeric values

🔀 Flow Control

Flow Control processors manage the execution paths and logic within processing pipelines. They direct how documents move through the system, handle conditional processing, filtering, and organize pipeline structure. These processors are essential for creating sophisticated processing logic and maintaining efficient pipeline organization.

🔀 Case

Conditional field assignment using case-when logic

➡️ Continue

Continues to the next processor in the pipeline chain

🔍 Contains

Checks the presence of a value

📅 Date Index

Generates time-based index names

🚫 Drop

Conditionally stops processing a document

❌ Fail

Raises failures when conditions are met

🏁 Final

Terminates a pipeline

🔄 Foreach

Applies processors to arrays

🎯 Go To

Jumps to specific points in the processing pipeline

📦 Group

Groups multiple processors together for conditional execution and organization

❓ IFF

Conditional field assignment processor

🔁 Pipeline

Executes another pipeline

🎯 Regex Filter

Filters events using regexes

⏹️ Return

Finalizes processing and prevents further pipeline execution

🔀 Reroute

Directs logs to specific destinations

📜 Script

Executes scripts

🎯 Select

Extracts a specific element from arrays by position

✂️ Slice

Extracts a portion of an array field

✂️ Take

Extracts a specified number of characters or elements from strings and arrays

⌚ Date and Time

Date and Time processors handle temporal data operations including parsing, formatting, and manipulating date and time values. They convert between different date formats, extract time components, calculate time differences, and manage timezone conversions. These processors are essential for standardizing temporal data and performing time-based analysis on log entries.

📅 Date

Parses dates from date fields

⏱️ Duration

Converts durations to seconds

⏰ Time Shift

Shifts timestamps by specified amounts with timezone conversion

⏸️ Wait

Introduces a time delay

💠 Enrich

Enrichment processors enhance log data by incorporating additional context and information from external sources. They add value to existing data by integrating geographical information, performing DNS lookups, and adding domain intelligence. These processors connect with external databases and services to provide comprehensive context to your log data, making it more valuable for analysis and understanding.

🔑 AAD Error Code

Converts Azure Active Directory error codes to human-readable descriptions

📎 Attachment

Extracts content and metadata

⭕ Circle

Converts circles to polygons

🔍 DNS Lookup

Performs and caches DNS lookups

🔍 Error Code

Decodes Windows system error codes into human-readable descriptions

💠 Enrich

Enriches documents using lookup tables and SQL queries

🌐 Geo Grid

Converts geo-grid definitions to shapes

🗺️ Geo IP

Adds geographic information

📖 Lookup

Enriches documents using lookup tables

🔄 Protocol

Converts IANA numbers to protocol names

🌍 Registered Domain

Extracts domain components

❄️ Snowflake

Generates a unique Snowflake ID

🔧 Data Manipulation

Data Manipulation processors modify existing data fields and values to ensure proper formatting and structure. They handle tasks such as appending values, converting data types, managing field structures, string manipulation, and data transformation. These processors are fundamental for maintaining data consistency and preparing information for further processing or analysis.

➕ Append

Appends values to fields

🎒 Bag Pack

Creates a map (bag) from key-value pairs with template support

📏 Bytes

Expresses values in bytes

🐪 Camel Case

Converts strings to camelCase format

🧹 Clean

Removes unwanted characters from string fields with configurable cleaning modes

🔗 Coalesce

Returns the first non-null, non-empty value from a list of fields

🎯 Compact

Removes empty fields from documents

🔄 Convert

Converts values between types

🌳 Dot Expander

Expands dot notation field names into nested object structures

📎 Dot Nester

Flattens nested objects into dot notation fields

🔅 Dot Case

Converts strings to dot.case format

📋 Enforce Schema

Validates and enforces data schemas on log entries

🔄 Expand Range

Expands range expressions into arrays of individual values

🔄 Gsub

Regular expression-based replacement

🔗 Join KV

Converts key-value pairs to a string

🔗 Join

Combines array elements

✅ Keep

Keeps only specified fields

🍖 Kebab Case

Converts strings to kebab-case format

🗜️ Minify

Minifies XML, JSON, and HTML content for performance optimization

📦 Move

Changes field locations

🔨 Normalize

Converts field names between formats

🏠 Pascal Case

Converts strings to PascalCase format

🔄 Print

Creates formatted strings using template values and field references

🗑️ Remove

Removes fields

🏷️ Rename

Renames fields

🔄 Replace

Performs string replacement operations with case-sensitive and case-insensitive options

📦 Serialize

Converts structured data to serialized formats like JSON, XML, CSV, and TSV

✏️ Set

Sets the value of a field

🐍 Snake Case

Converts strings to snake_case format

🔀 Sort

Sorts values in a field

➗ Split

Split a string on a separator

🎩 Title Case

Converts strings to Title Case format

🔓 Decode

Decode processors specialize in decoding and decrypting encoded data formats. They handle operations like JWT token decoding, ACL information extraction, hexadecimal to ASCII conversion, and other specialized decoding tasks. These processors are essential for converting encoded or encrypted data into readable formats for further processing.

🔐 ACL Decode

Extracts and decodes Access Control List (ACL) information from fields

🔢 Binary Decode

Decodes binary strings (e.g., "01000001") to ASCII (e.g., "A")

🎨 Color Decode

Processes and converts between different color format representations

🔢 Hex Decode

Decodes hexadecimal strings to ASCII representation

🔑 JWT Decode

Decodes JSON Web Tokens into header, claims, and signature components

🎟️ Kerberos Decode

Extracts and decodes Kerberos ticket information

🔐 SID Decode

Extracts and decodes Windows Security Identifier (SID) information

🔓 URL Decode

Decodes URL-encoded strings

🖧 Networking

Networking processors handle network-related data operations and communications. They perform network protocol analysis, manage IP address operations, conduct DNS lookups, and handle network connectivity tasks. These processors are vital for processing network logs, analyzing network traffic patterns, and enriching data with network intelligence.

🔑 Community ID

Computes a community ID hash

🌐 DNS Query Type

Converts DNS query type numbers to human-readable names

📡 DNS Response Code

Converts DNS response code numbers to human-readable names

🌐 HTTP Status

Converts HTTP status codes to human-readable status names

📡 ICMP Type

Converts ICMP type codes to human-readable type names

🌍 IP Type

Determines IP address type (IPv4/IPv6) and network classification (Public/Private)

🔌 Network Direction

Determines network traffic direction

🌐 Network Protocol

Converts network protocol numbers to human-readable protocol names

🔄 Protocol

Converts IANA numbers to protocol names

📋 Parse

Parsing processors transform raw data into structured formats by extracting meaningful information from various input types. They handle multiple data formats and message types, converting them into structured data. These processors excel at converting unstructured or semi-structured data into well-organized, usable formats by applying patterns and rules to extract relevant fields.

📨 CEF

Parses CEF messages

🔗 Concat

Concatenates values from multiple fields into a single string

📄 CSV

Parses CSV data

💾 Data Size

Parses human-readable data sizes (e.g., "1kb") to byte values

🔪 Dissect

Parses data using pre-defined patterns

🏷️ FQDN

Parses and extracts components from fully qualified domain names and hostnames

🎯 Grok

Extracts fields with patterns

🧹 HTML Strip

Removes HTML tags

📄 JSON

Parses JSON data

🗝️ Key-Value

Parses key=value formatted messages into structured fields

🧩 KV Pair

Extracts key-values pairs

📩 LEEF

Parses LEEF messages

📶 Level

Extracts log levels from messages

🧩 Pattern

Extracts structured patterns from log messages

🧩 Regex Extract

Extracts fields with named capture groups

🔄 Regex Replace

Replaces text patterns using regular expressions

📝 Syslog

Parses syslog messages

📝 Unix Permission

Extracts and decodes Unix file permission information

🔗 URI Parts

Parses URI strings into fields

🤖 User Agent

Parses agent strings

📑 XML

Parses XML into maps

🛡️ Security

Security processors focus on protecting sensitive information and managing data security. They implement encryption and decryption operations, generate document signatures, and handle data masking and redaction. These processors ensure that sensitive information is properly protected while maintaining the utility of the data for analysis.

🔑 Community ID

Computes a community ID hash

🔓 Decrypt

Removes AES encryption from a field

🔒 Encrypt

Encrypts string values using AES encryption with optional compression

🔑 Fingerprint

Generates hashes to sign documents

🎭 Mask

Masks sensitive data with hashes

⬛ Redact

Masks sensitive data

👤 Username Type

Identifies and classifies username formats according to ASIM standards

🪟 Windows User Type

Classifies Windows user accounts based on username and SID patterns according to ASIM standards

📝 Text Processing

Text Processing processors specialize in advanced text manipulation and analysis operations beyond basic string handling. They perform sophisticated text operations such as natural language processing, text classification, sentiment analysis, and complex string transformations. These processors are designed to extract meaningful insights from textual content and perform advanced linguistic operations on text fields within log data.

🔤 Capitalize

Capitalizes the first letter of strings while making the rest lowercase

💭 Comment

Adds an explanatory comment

📊 Humanize

Converts numbers to human-readable format with metric prefixes

⬅️ Keep First

Keeps first N characters of strings or N elements of arrays

➡️ Keep Last

Keeps last N characters of strings or N elements of arrays

⬇️ Lowercase

Converts strings to lowercase

🎲 Random String

Generates random strings with specified length and character sets

✂️ Substring

Extracts substrings from string fields

📋 Text Wrap

Wraps text to specified widths by inserting line breaks

✂️ Trim First

Removes characters or keywords from the beginning of strings

✂️ Trim Last

Removes characters or keywords from the end of strings

✂️ Trim

Removes spaces from the head and tail

⬆️ Uppercase

Converts strings to uppercase

🕵️ Threat Intelligence

Threat Intelligence processors integrate with external security services to provide context about potential security threats. They connect with various threat intelligence providers to retrieve and incorporate security data. These processors are crucial for security analysis and threat detection, providing real-time intelligence about potential security risks.

👽 AlienVault

Retrieves threat intelligence from AlienVault

☁️ Cloudflare Intel

Retrieves intelligence from Cloudflare's API

🆔 CPID

Generates a Common Process ID

📊 IP Quality Score

Enriches data with IP Quality Score

🛡️ VirusTotal

Enriches data with VirusTotal threat intelligence