Module Values.ParseToOCSF

This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events. For more information about this processor, including examples, see parseToOCSF in the CloudWatch Logs User Guide.

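(** Settings for the processor that converts log events into Open
    Cybersecurity Schema Framework (OCSF) events. *)
type nonrec t = {
  source : Source.t option;
      (** The path to the field in the log event that you want to parse. If
          you omit this value, the whole log message is parsed. *)
  eventSource : EventSource.t;
      (** Specify the service or process that produces the log events that
          will be converted with this processor. *)
  ocsfVersion : OCSFVersion.t;
      (** Specify which version of the OCSF schema to use for the transformed
          log events. *)
  mappingVersion : MappingVersion.t option;
      (** The version of the OCSF mapping to use for parsing log data.

          NOTE(review): this field is optional, and this page does not say
          which mapping version is applied when it is omitted. Confirm in the
          User Guide, and set it explicitly if downstream detections or
          parsers depend on a fixed field mapping. *)
}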
val context_ : string
val make : ?source:??? -> ?mappingVersion:??? -> eventSource:EventSource.t -> ocsfVersion:OCSFVersion.t -> unit -> t
val to_value : t -> [> `Structure of (string * [> `Enum of string | `String of Source.t ]) list ]
val to_query : t -> Awso.Client.Query.t
(* NOTE(review): the of_* decoders below return [t] directly rather than an option or result, so malformed input is presumably reported by raising; confirm which exception before decoding data from an untrusted source. *)
val of_xml : Awso.Xml.t -> t
val of_string : string -> t
val of_json : Yojson.Safe.t -> t
val to_json : t -> Yojson.Safe.t