Class: Aws::CloudWatchLogs::Types::ParseToOCSF

Inherits:

Struct

• Object
• Struct
• Aws::CloudWatchLogs::Types::ParseToOCSF

Defined in:

gems/aws-sdk-cloudwatchlogs/lib/aws-sdk-cloudwatchlogs/types.rb

Overview

This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.

For more information about this processor including examples, see parseToOCSF in the CloudWatch Logs User Guide.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #event_source ⇒ String

  Specify the service or process that produces the log events that will be converted with this processor.

• #mapping_version ⇒ String

  The version of the OCSF mapping to use for parsing log data.

• #ocsf_version ⇒ String

  Specify which version of the OCSF schema to use for the transformed log events.

• #source ⇒ String

  The path to the field in the log event that you want to parse.

Instance Attribute Details

#event_source ⇒ String

Specify the service or process that produces the log events that will be converted with this processor.

Returns:

• (String)

# File 'gems/aws-sdk-cloudwatchlogs/lib/aws-sdk-cloudwatchlogs/types.rb', line 6350

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end

#mapping_version ⇒ String

The version of the OCSF mapping to use for parsing log data.

Returns:

• (String)

# File 'gems/aws-sdk-cloudwatchlogs/lib/aws-sdk-cloudwatchlogs/types.rb', line 6350

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end

#ocsf_version ⇒ String

Specify which version of the OCSF schema to use for the transformed log events.

Returns:

• (String)

# File 'gems/aws-sdk-cloudwatchlogs/lib/aws-sdk-cloudwatchlogs/types.rb', line 6350

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end

#source ⇒ String

The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.

Returns:

• (String)

# File 'gems/aws-sdk-cloudwatchlogs/lib/aws-sdk-cloudwatchlogs/types.rb', line 6350

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end