JSON Normalizer
JSON Normalizer includes JSONCompiledNormalizer, which normalizes JSON logs while preserving the essential information in the nested structure. It is designed to handle JSON logs efficiently and effectively when an integration doesn't have a pre-built normalizer for JSON files. Whether to use the JSON Normalizer depends on your use cases and requirements. One key advantage is better performance and memory usage, because it compiles the normalization rules into a specialized, optimized format that can be executed quickly and efficiently.
Package Details
Key Information
- The JSONCompiledNormalizer is generic, so you must put the normalization package at the end of the normalization policy along with other generic packages.
- JSON Normalizer provides minimal support for key renaming and labeling. For detailed guidance or assistance in customizing the data or sending JSON logs from any device, contact Logpoint Support.
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| You can now configure a date format for JSONCompiledNormalizer using CompiledNormalizer Date Preference (CNDP). To learn how, go to CNDP. | KB-23277 | - |
| A raw log's field name containing a hyphen (-) is replaced with an underscore (_) when normalized by JSONCompiledNormalizer. For example, the Network_Message-ID field of a raw log is mapped as network-message-id. | KB-21002 | 74368 |
Bug Fix
| Description | Issue ID | Reference ID |
|---|---|---|
| The eventTime field of a raw log was not mapped as log_ts field by JSONCompiledNormalizer. | KB-22217 | 77424 |
Past Releases
JSON Normalizer v5.1.1
Supported On: Logpoint v6.7.0 and later
Download: JSONNormalizer_5.1.1.pak
SHA256: 0c5e0174a79568dfa717689824054df6082cc7c47ce5833f3c3f5a1c99ecf071
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
| Implemented a new error logging mechanism to identify and diagnose errors in the JSON data that prevent JSONCompiledNormalizer from correctly parsing or processing JSON logs. | KB-20254 | - |
JSON Normalizer v5.1.0
Supported On: LogPoint v6.7.0 and later
Download: JSONNormalizer_5.1.0.pak
SHA256: 4e0591539c4e3b7542f00ffe04e610bfc5f4e68d11492abeaf2476f3764c264c
Bug Fixes
The following issues are fixed:
| Description | Issue ID | Reference ID |
|---|---|---|
| JSONCompiledNormalizer failed to normalize JSON logs when there was a space before curly braces. | KB-13267 | 56202 |
| JSONCompiledNormalizer did not normalize the MSG field. | KB-16107 | 64213 |
| JSONCompiledNormalizer removed the leading zeros. For instance, 000110101 was normalized as 110101. | KB-17008 | 66774 |
Support
If you have any queries or require assistance, please feel free to contact our support team:
Email: servicedesk@logpoint.com
Phone: +45 7060 6100
You write that Windows is supported, but what kind of Windows event sources does it support? Does it support PowerShell, Sysmon, DNS, etc. that can log to the Windows event log?
Hello Johan,
It supports any type of logs in JSON format with a syslog header.