Universal Normalizer enables you to normalize structured logs, extract their fields and rename those fields to comply with Logpoint taxonomy and add labels.
It provides a generic interface to create, install and update a custom compiled normalizer for the following log types:
JSON
CEF
LEEF
CSV
XML
Key-Value pair
You can generate a custom compiled normalizer in one of two ways:
Add a configuration file to manually or automatically fill it in.
Import the vendor package(s) .pak file containing configuration data like Application Name, Norm Id, Device Category, Log Identifier Regex and Log Type. The packages with Knowledge Base (KB) components of integrations like Unix or Exim are included in the Universal Normalizer, or Logpoint provides a package for a specific integration.
User interface of Universal Normalizer¶
You can edit and export the custom compiled normalizers, except those generated from vendor packages. The generated custom compiled normalizers are compatible with CNDP.