1. Logpoint Service Desk
  2. Community
  3. Data Integration

Automatic Normalization

Avatar
Follow
0

It would be great if there were some means to automatically select the respective normalizers automatically. This would reduce the implementation overhead and also help us select the best available normalizers. We could leave a process to analyze the logs and find the normalizers it requires at the start of the implementation and allow it some time to process.

What are the limitations/drawback for doing so?

Share This Post:

1 comment

Date Votes
0
Avatar
Daniel Roth

I can se a couple of problems in this:

1: Unneccesary overhead due to multiple normalization rules needed to be evaluated before finding a match

2: Some device types have “common” catch-all rules that will only normalize some parts of the entire log event, preventing which means that if there are any better suited normalization rules that are coming after that rule will never be evaluated and you’ll end up with bad normalizations.  These “catch-all” normalization packages should always be placed at the bottom in your normalization rule.

Please sign in to leave a comment.