You can configure parsers for both FileLog and WinLog collectors.

Prerequisites

For the VMware Aria Operations for Logs Linux Agent:
  • Log in as root or use sudo to run console commands.
  • Log in to the Linux machine on which you installed the VMware Aria Operations for Logs Linux Agent, open a console and run pgrep liagent to verify that the Linux Agent is installed and running.
For the VMware Aria Operations for Logs Windows Agent:
  • Log in to the Windows machine on which you installed the VMware Aria Operations for Logs Windows Agent and start the Services manager to verify that the VMware Aria Operations for Logst service is installed.

Procedure

  1. Navigate to the folder containing the liagent.ini file.
    Operating System Path
    Linux /var/lib/loginsight-agent/
    Windows %ProgramData%\VMware\Log Insight Agent
  2. Open the liagent.ini file in any text editor.
  3. To configure a specific parser, define a parser section. [parser|myparser]

    Where myparser is an arbitrary name of the parser which can be referred from log sources. Parser section should refer to any built in (or any other defined) parser and configure that parser’s mandatory options and non-required options if needed.

    For example, base_parser=csv shows that myparser parser is derived from built-in parser csv. It expects that input logs consist of two fields which are separated with a semicolon. 
    [parser|myparser]

base_parser=csv

fields=field_name1,field_name2

delimiter=“;”
  4. After defining myparser, refer to it from log sources winlog or filelog. 
    [filelog|some_csv_logs]

directory=D:\Logs

include=*.txt;*.txt.*

parser=myparser
    The logs collected from some_csv_logs sources, for example from the D:\Logs directory, are parsed by myparser and extracted events appear on the server as field_name1 and field_name2 respectively.
    Note: The static logs in the D:\Logs directory are not get pulled into VMware Aria Operations for Logs by the agent. However, new files that are created in the D:\Logs directory are available in VMware Aria Operations for Logs.
  5. Save and close the liagent.ini file.