Class: Aws::CloudWatchLogs::Types::ParseToOCSF

Inherits:

Struct

• Object
• Struct
• Aws::CloudWatchLogs::Types::ParseToOCSF

Includes:

Structure

Defined in:

lib/aws-sdk-cloudwatchlogs/types.rb

Overview

This processor converts logs into [Open Cybersecurity Schema Framework (OCSF)] events.

For more information about this processor including examples, see

parseToOCSF][2

in the *CloudWatch Logs User Guide*.

[1]: ocsf.io [2]: docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseToOCSF

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #event_source ⇒ String

  Specify the service or process that produces the log events that will be converted with this processor.

• #mapping_version ⇒ String

  The version of the OCSF mapping to use for parsing log data.

• #ocsf_version ⇒ String

  Specify which version of the OCSF schema to use for the transformed log events.

• #source ⇒ String

  The path to the field in the log event that you want to parse.

Instance Attribute Details

#event_source ⇒ String

Specify the service or process that produces the log events that will be converted with this processor.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7079

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end

#mapping_version ⇒ String

The version of the OCSF mapping to use for parsing log data.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7079

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end

#ocsf_version ⇒ String

Specify which version of the OCSF schema to use for the transformed log events.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7079

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end

#source ⇒ String

The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.

Returns:

• (String)

# File 'lib/aws-sdk-cloudwatchlogs/types.rb', line 7079

class ParseToOCSF < Struct.new(
  :source,
  :event_source,
  :ocsf_version,
  :mapping_version)
  SENSITIVE = []
  include Aws::Structure
end