/AWS1/CL_CWLPARSETOOCSF¶

This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.

For more information about this processor including examples, see parseToOCSF in the CloudWatch Logs User Guide.

`CONSTRUCTOR`¶

IMPORTING¶

Required arguments:¶

`iv_eventsource` `TYPE /AWS1/CWLEVENTSOURCE` `/AWS1/CWLEVENTSOURCE`¶

Specify the service or process that produces the log events that will be converted with this processor.

`iv_ocsfversion` `TYPE /AWS1/CWLOCSFVERSION` `/AWS1/CWLOCSFVERSION`¶

Specify which version of the OCSF schema to use for the transformed log events.

Optional arguments:¶

`iv_source` `TYPE /AWS1/CWLSOURCE` `/AWS1/CWLSOURCE`¶

The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.

`iv_mappingversion` `TYPE /AWS1/CWLMAPPINGVERSION` `/AWS1/CWLMAPPINGVERSION`¶

Identifies the specific release of the Open Cybersecurity Schema Framework (OCSF) transformer being used to parse OCSF data. Defaults to the latest version if not specified. Does not automatically update.

Queryable Attributes¶

source¶

The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.

Accessible with the following methods¶

Method	Description
`GET_SOURCE()`	Getter for SOURCE, with configurable default
`ASK_SOURCE()`	Getter for SOURCE w/ exceptions if field has no value
`HAS_SOURCE()`	Determine if SOURCE has a value

eventSource¶

Specify the service or process that produces the log events that will be converted with this processor.

Accessible with the following methods¶

Method	Description
`GET_EVENTSOURCE()`	Getter for EVENTSOURCE, with configurable default
`ASK_EVENTSOURCE()`	Getter for EVENTSOURCE w/ exceptions if field has no value
`HAS_EVENTSOURCE()`	Determine if EVENTSOURCE has a value

ocsfVersion¶

Specify which version of the OCSF schema to use for the transformed log events.

Accessible with the following methods¶

Method	Description
`GET_OCSFVERSION()`	Getter for OCSFVERSION, with configurable default
`ASK_OCSFVERSION()`	Getter for OCSFVERSION w/ exceptions if field has no value
`HAS_OCSFVERSION()`	Determine if OCSFVERSION has a value

mappingVersion¶

Identifies the specific release of the Open Cybersecurity Schema Framework (OCSF) transformer being used to parse OCSF data. Defaults to the latest version if not specified. Does not automatically update.

Accessible with the following methods¶

Method	Description
`GET_MAPPINGVERSION()`	Getter for MAPPINGVERSION, with configurable default
`ASK_MAPPINGVERSION()`	Getter for MAPPINGVERSION w/ exceptions if field has no valu
`HAS_MAPPINGVERSION()`	Determine if MAPPINGVERSION has a value

/AWS1/CL_CWLPARSETOOCSF¶

CONSTRUCTOR¶

IMPORTING¶

Required arguments:¶

iv_eventsource TYPE /AWS1/CWLEVENTSOURCE /AWS1/CWLEVENTSOURCE¶

iv_ocsfversion TYPE /AWS1/CWLOCSFVERSION /AWS1/CWLOCSFVERSION¶

Optional arguments:¶

iv_source TYPE /AWS1/CWLSOURCE /AWS1/CWLSOURCE¶

iv_mappingversion TYPE /AWS1/CWLMAPPINGVERSION /AWS1/CWLMAPPINGVERSION¶

Queryable Attributes¶

source¶

Accessible with the following methods¶

eventSource¶

Accessible with the following methods¶

ocsfVersion¶

Accessible with the following methods¶

mappingVersion¶

Accessible with the following methods¶

`CONSTRUCTOR`¶

`iv_eventsource` `TYPE /AWS1/CWLEVENTSOURCE` `/AWS1/CWLEVENTSOURCE`¶

`iv_ocsfversion` `TYPE /AWS1/CWLOCSFVERSION` `/AWS1/CWLOCSFVERSION`¶

`iv_source` `TYPE /AWS1/CWLSOURCE` `/AWS1/CWLSOURCE`¶

`iv_mappingversion` `TYPE /AWS1/CWLMAPPINGVERSION` `/AWS1/CWLMAPPINGVERSION`¶