Logz.io automatically parses logs shipped from many platforms, services, containers, servers, and more.
The shipping configuration includes a log type parameter that determines which pipeline is used to parse the data. In OpenSearch Dashboards, it is indicated by a field named type.
Logz.io offers many pre-built parsing pipelines for a large number of log sources, as shown below. If you need a new pipeline created or want a customized version of an existing pipeline, contact Logz.io Support. Parsing-as-a-service is included in your package and we’re happy to offer it.
You can replace the @timestamp field, which is the Time column in your Log analytics discover view, by sending it in a different format. The available formats are:
- ISO8601, for example 2023-05-21T12:45:10+00:00
- UNIX, for example 1684662310
- UNIX_MS, for example 1684673200471

Built-in log types
This table shows the log types that Logz.io parses automatically.
| Description | Type | Prebuilt parsing pipeline unless marked |
|---|---|---|
| Alcide kAudit | alcide-kaudit | ✖️ Auto-parsed as part of platform integration. |
| Apache access | apache, apache_access, apache-access | ✔ |
| Auditd | auditd | ✔ |
| Avast | avast | ✔ |
| AWS CloudFront | cloudfront | ✔ |
| AWS CloudTrail | cloudtrail | ✔ |
| AWS ELB | elb | ✔ |
| AWS Fargate | fargate | ✖️ Auto-parsed as part of platform integration. |
| AWS GuardDuty | guardduty | ✔ |
| AWS Route 53 | route_53 | ✔ |
| AWS S3 access | S3Access | ✔ |
| AWS VPC Flow | vpcflow | ✔ |
| AWS WAF | awswaf | ✖️ Auto-parsed as part of platform integration. |
| Checkpoint | checkpoint | ✔ |
| Cisco ASA | cisco-asa | ✔ |
| Cisco Meraki | cisco-meraki | ✔ |
| Collectl tab | collectl-tab | ✔ |
| Crowdstrike | crowdstrike | ✔ |
| Docker | docker_logs | ✔ |
| Docker Collector Logs | docker-collector-logs | ✔ |
| Elasticsearch | elasticsearch | ✔ |
| ESET | eset | ✔ |
| EventHub | eventHub | ✔ |
| Fail2ban | fail2ban | ✔ |
| Falco | falco | ✔ |
| Fargate | fargate | ✖️ Auto-parsed as part of platform integration. |
| Fortigate | fortigate | ✔ |
| GitHub | github | ✖️ Auto-parsed as part of platform integration. |
| GPFS | gpfs | ✔ |
| HAProxy Load Balancer | haproxy | ✔ |
| Jenkins | jenkins | ✔ |
| Juniper | juniper | ✔ |
| Kafka | kafka_server | ✔ |
| Kubernetes | k8s | ✖️ Auto-parsed as part of platform integration. |
| Mcafee EPO | mcafee_epo | ✔ |
| Microsoft IIS | iis | ✔ |
| ModSecurity | modsecurity | ✖️ Auto-parsed as part of platform integration. |
| MongoDB | mongodb | ✔ |
| Monit | monit | ✔ |
| MySQL | mysql | ✔ |
| MySQL error | mysql_error | ✔ |
| MySQL monitor | mysql_monitor | ✔ |
| MySQL slow query | mysql_slow_query | ✔ |
| Nagios | nagios | ✔ |
| NGINX access | nginx, nginx_access, nginx-access | ✔ |
| NGINX error | nginx-error | ✔ |
| NGINX error | nginx_error | ✔ |
| o365 | o365 | ✔ |
| OpenVAS | openvas | ✔ |
| OpenVPN | openvpn | ✔ |
| OSSEC | ossec | ✔ |
| Trend Micro | trendmicro_deep | ✔ |
| Palo Alto Networks | paloalto | ✔ |
| Performance-tab | performance-tab | ✔ |
| pfSense | pfsense | ✔ |
| Sentinel One | sentinel_one | ✔ |
| Sonicwall | sonicwall | ✔ |
| Sophos Intercept X | sophos-ep | ✖️ Auto-parsed as part of platform integration. |
| Stormshield | stormshield | ✔ |
| Sysmon | wineventlog | ✔ |
| Windows WinEventLog | wineventlog | ✔ |
| Zeek | zeek | ✔ |
| Zipkin span | zipkinSpan | ✔ |