app-115003781805.png

JSON Normalizer

JSON Normalizer includes a JSONCompiledNormalizer that can normalize JSON logs while preserving the essential information in the nested structure. JSON Normalizer is designed to handle JSON logs efficiently and effectively when an integration doesn’t have a pre-built normalizer for JSON files. Whether or not to use the JSON Normalizer will depend on your use cases and requirements. One key advantage of using the JSON Normalizer is that it can provide faster performance and memory usage as it compiles the normalization rules into a specialized, optimized format that can be executed quickly and efficiently.

Release Details
Version:5.1.3
Release date:2024-01-13
Document date:2024-01-13
Supported On: Logpoint v6.7.0 and later
SHA 256: c947adfacdf8bab429f5c5ee5604f94a58aeba2364051810efb369a017ed795a
Documentation: JSON Normalizer Guide
Download

Package Details

 

 

 

 

 

 

 

 

 

Key Information

  • The JSONCompiledNormalizer is generic, so you must put the normalization package at the end of the normalization policy along with other generic packages. 
  • JSON Normalizer provides minimal support for key renaming and labeling. For detailed guidance or assistance in customizing the data or sending JSON logs from any device, contact Logpoint Support.

Enhancement

Description
Issue ID
Reference ID
You can now configure a date format for JSONCompiledNormalizer using CompiledNormalizer Date Preference (CNDP). To learn how, go to CNDP. KB-23277 -
A raw log's field name containing hyphen (-) is replaced with underscore (_) when normalized by JSONCompiledNormalizerFor example, the Network_Message-ID field of a raw log is mapped as network-message-id. KB-21002 74368

Bug Fix

Description
Issue ID
Reference ID

The eventTime field of a raw log was not mapped as log_ts field by JSONCompiledNormalizer.

KB-22217 77424

Past Releases

JSON Normalizer v5.1.1

Release Date: March 13, 2023

Supported On: Logpoint v6.7.0 and later

Download: JSONNormalizer_5.1.1.pak

SHA256: 0c5e0174a79568dfa717689824054df6082cc7c47ce5833f3c3f5a1c99ecf071

Enhancement

Description

Issue ID

Reference ID

Implemented a new error logging mechanism to identify and diagnose errors in the JSON data that prevents JSONCompiledNormalizer to correctly parse or process JSON logs. KB-20254 -

JSON Normalizer v5.1.0

Release Date: June 29, 2022

Supported On: LogPoint v6.7.0 and later

Download: JSONNormalizer_5.1.0.pak

SHA256: 4e0591539c4e3b7542f00ffe04e610bfc5f4e68d11492abeaf2476f3764c264c

Bug Fixes

The following issues are fixed:

Description

Issue ID

Reference ID

JSONCompiledNormalizer failed to normalize JSON logs when there was a space before curly braces.

KB-13267

56202

JSONCompiledNormalizer did not normalize the MSG field.

KB-16107

64213

JSONCompiledNormalizer removed the leading zeros. For instance, 000110101 was normalized as 110101.

KB-17008

66774


Support

If you have any queries or require assistance, please feel free to contact our support team:

Email: servicedesk@logpoint.com
Phone: +45 7060 6100

Best regards,
untitled.svg

Comments

  • Avatar
    Johan

    You write that Windows is supported, but what kind of Windows event sources does it support? Does it support PowerShell, Sysmon, DNS, etc. that can log to the Windows event log?

    Comment actions Permalink
  • Avatar
    Permanently deleted user

    Hello Johan,

    It supports any type the logs in JSON format with syslog header.

    Comment actions Permalink

Article is closed for comments.