The automatic parser automatically detects the timestamp within the first 200 characters of a line. The format of auto-detected time stamps are the same as for the timestamp parser.
The automatic parser does not have any options. In addition to the automatic detection of the timestamp, the Key/Value parser runs on the log entry and automatically detects any existing key/value pairs in the logs and extracts the fields accordingly. For example,
[filelog|some_logs] directory=/var/log include=* parser=auto
As with other parsers, you can define a separate action for the automatic parser.
[filelog|kvplogs] directory=C:\temp_logs\csv-itbm include=*.txt parser=myauto [parser|myauto] base_parser=auto debug=yes
If you have debug enabled for the automatic parser, additional information about parsing is printed. For example, information about on which log the automatic parser was run, and which fields ere extracted from the log.
The default value for debug is debug=no for parsers.
=) is preceded by a randomly generated key, it is a best practice not to use the automatic parser, because it generates many random fields, which might lead to UI and query performance issues. Instead, you can use the KVP parser by specifying the fields that need to be parsed.
