Cisco Serializer
Serialize Cisco log events for specific observability destinations.
Overview
The Cisco Serializer transform is designed to serialize Cisco log events into formats compatible with specific observability destinations, such as Azure Sentinel, Splunk, or Socket. It allows seamless integration of Cisco logs into your observability pipeline, enhancing log management and event tracking.
Configuration Parameters
Name
Type: String
User-specified name of the Cisco Serializer source. This name is used in various parts of the system, such as pipeline views, to identify and reference the Cisco Serializer configuration.
Description
Type: String
A brief description of the Cisco Serializer source’s role within the observability pipeline.
Serializer
Enabled
Type: Boolean
Enables or disables the Cisco Serializer. Set to true to activate the transform, and false to deactivate it.
Cisco Field Name
Type: String
The field name that contains Cisco log data. This is a required field and cannot be left empty.
Cisco Metadata Field
Type: String
Specifies the metadata field used when the Cisco parser was added. This is a required field for ensuring proper log data mapping.
Output
Type: Enum
The output destination where the serialized Cisco logs will be sent. Supported output options include:
Azure Sentinel
Splunk
Socket
Examples
Example 1: Basic Cisco Serializer Configuration
Suppose you want to serialize logs for Cisco devices with the metadata field log.metadata.cisco and send them to an Azure Sentinel destination.
Name: CiscoSerializer1
Cisco Field Name: log.data.cisco
Cisco Metadata Field: log.metadata.cisco
Output: Azure Sentinel
Example 2: Splunk Destination
If you're working with Splunk as the destination, here’s how you would set it up:
Name: CiscoToSplunk
Cisco Field Name: log.event.cisco
Cisco Metadata Field: log.meta.cisco
Output: Splunk
This configuration will serialize all Cisco log events and send them to Splunk for further analysis and monitoring.

