lib/embulk/parser
sample_config
spec
.gitignore
.rspec
.ruby-version
Gemfile
LICENSE.txt
README.md
Rakefile
embulk-parser-forcepoint.gemspec

Forcepoint parser plugin for Embulk

Forcepoint parser plugin for Embulk.

To convert field values (for instance DateAndTime, Disposition, ClientIP, etc.), use embulk-parser-forcepoint together with embulk-filter-forcepoint_converter.

Overview

  • Plugin type: parser
  • Guess supported: no

Example

Forcepoint log files are JSONL. Store them in the data directory:

./data/hosted_[any].gz

Compress the log files into gz files with the gzip command.

In config.yml:

in:
  type: file
  path_prefix: ./data/hosted_
  decoders:
    - {type: gzip}
  parser:
    charset: UTF-8
    newline: LF
    type: forcepoint

    schema:
      - {field_name: raw}
      - {field_name: DateAndTime}
      - {field_name: AccountID}
      - {field_name: UserID}
      - {field_name: ClientIP}
      - {field_name: RequestCount}
      - {field_name: ResponseSize}
      - {field_name: Disposition}
      - {field_name: Categories}
      - {field_name: Protocol}
      - {field_name: Port}
      - {field_name: DestinationIP}
      - {field_name: URI}
      - {field_name: AnalyticID}
      - {field_name: ReasonCode}
      - {field_name: ContentStripping}
      - {field_name: ReasonString}
      - {field_name: FileType}
      - {field_name: PolicyName}
      - {field_name: ConentType}
      - {field_name: RemoteHost}
      - {field_name: Method}
      - {field_name: ProxyTime}
      - {field_name: OriginTime}
      - {field_name: ResponseTime}

out:
  type: stdout
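The following is an added example, not code from the embulk-parser-forcepoint plugin itself. It shows, in plain Ruby, what the schema above asks a parser to do: read a gzipped JSONL file such as ./data/hosted_[any].gz, emit one row per line with exactly the configured field names, and leave a field nil when the JSON object lacks that key. It assumes that the `raw` field carries the original log line (the README does not spell this out), keeps the `ConentType` spelling exactly as it appears in the config, and uses constructed sample records, including one malformed line, to show that a bad line is counted and skipped rather than aborting the run.

```ruby
require 'json'
require 'zlib'
require 'stringio'

# Field names copied from the config.yml schema above. "raw" is assumed to
# hold the unparsed log line; every other name is looked up in the JSON object.
SCHEMA = %w[raw DateAndTime AccountID UserID ClientIP RequestCount ResponseSize
            Disposition Categories Protocol Port DestinationIP URI AnalyticID
            ReasonCode ContentStripping ReasonString FileType PolicyName
            ConentType RemoteHost Method ProxyTime OriginTime ResponseTime].freeze

# Constructed sample input: two well-formed JSONL records in the shape of a
# Forcepoint export (all values made up) plus one malformed line.
SAMPLE_JSONL = <<~JSONL
  {"DateAndTime":"2024-01-15 10:00:00","AccountID":"1234","UserID":"alice","ClientIP":"10.0.0.5","Disposition":"Allowed","Categories":"Business","Protocol":"HTTPS","Port":443,"DestinationIP":"203.0.113.10","URI":"https://example.com/","Method":"GET"}
  {"DateAndTime":"2024-01-15 10:00:01","AccountID":"1234","UserID":"bob","ClientIP":"10.0.0.6","Disposition":"Blocked","Categories":"Malicious Web Sites","Protocol":"HTTP","Port":80,"DestinationIP":"198.51.100.7","URI":"http://blocked.example/","Method":"GET"}
  {not valid json
JSONL

# Gzip a string in memory so the example mirrors a ./data/hosted_*.gz file
# without touching the filesystem.
def gzip_string(text)
  io = StringIO.new
  gz = Zlib::GzipWriter.new(io)
  gz.write(text)
  gz.close
  io.string
end

# Parse gzipped JSONL bytes into rows shaped by the schema.
# Returns [rows, error_count]: rows are Hashes keyed by field name in schema
# order; error_count is the number of lines that were not valid JSON.
def parse_forcepoint_gz(gz_bytes, schema = SCHEMA)
  rows = []
  errors = 0
  Zlib::GzipReader.new(StringIO.new(gz_bytes)).each_line do |line|
    line = line.chomp
    next if line.empty?
    begin
      record = JSON.parse(line)
    rescue JSON::ParserError
      errors += 1 # count and skip, so one bad line does not stop the load
      next
    end
    row = {}
    schema.each do |name|
      # Missing keys become nil, matching a schema column with no value.
      row[name] = name == 'raw' ? line : record[name]
    end
    rows << row
  end
  [rows, errors]
end

# Tally rows by Disposition, a simple downstream check on the parsed output
# (for example to spot an unusual share of "Blocked" requests).
def count_by_disposition(rows)
  rows.each_with_object(Hash.new(0)) { |r, h| h[r['Disposition']] += 1 }
end

if __FILE__ == $PROGRAM_NAME
  rows, errors = parse_forcepoint_gz(gzip_string(SAMPLE_JSONL))
  rows.each do |r|
    puts r.values_at('DateAndTime', 'UserID', 'Disposition', 'URI').join("\t")
  end
  puts count_by_disposition(rows).inspect
  warn "skipped #{errors} malformed line(s)"
end
```

Run it with `ruby` to see the two parsed rows and the disposition tally; the plugin's real output goes through Embulk's `out:` section instead, but the row shape (one value per schema field, nil where absent) is the same idea.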

Install

$ embulk gem install embulk-parser-forcepoint

Preview

$ embulk preview ./config.yml

Run

$ embulk run ./config.yml