Inspect Telemetry

Pipeline Intelligence features in the snapshot row view: detect log type and format, get log types, parse fields, standardize for SecOps, and validate parsers.

Within the expanded snapshot row view, there are several helpful Pipeline Intelligence features for logs. When expanding the row, Pipeline Intelligence will automatically detect the log's log type and body format. Actions will appear for parsing or standardization, if needed.

Get Log Types

Automatically identify log types from your log snapshot data.

Get Log Types is only available for Enterprise, Bindplane Enterprise (Google Edition), and Honeycomb licenses.

How it works:

  1. Click "Get Log Types" from the Pipeline Intelligence panel.

  2. Pipeline Intelligence analyzes the snapshot and streams the generated log types as they are identified.

  3. Log types are automatically identified and displayed as chips in the snapshot console.

  4. You can click on any log type chip to bring up additional actions to take on that log type.

Standardize Log Type for SecOps

Automatically generate a Google SecOps standardization processor for specific log types.

Automatically standardizing log type for SecOps is only available for Enterprise, Bindplane Enterprise (Google Edition), and Honeycomb licenses.

How it works:

  1. Click into a processor node that has a Google SecOps source connected to it.

  2. Generate log types for the snapshot (steps shown above).

  3. After generating log types, Pipeline Intelligence will recommend a new action: "Standardize Log Type for SecOps".

  4. Select a log type from the dropdown (or choose "All Log Types" to standardize multiple types).

  5. Click "Generate" to create the standardization processor with the appropriate log type and conditional statement.

Validate SecOps Parser

The Validate SecOps Parser action lets you quickly confirm that your logs will be parsed correctly when ingested into Google SecOps. A dropdown displays immediate feedback, such as parsed events or validation errors, without waiting for data to appear in Google SecOps.

How it works:

  1. Expand a log in the snapshot view of a pipeline sending telemetry to a Google SecOps destination.

  2. Click "Validate SecOps Parser" on the right side of the expanded row (see the Snapshot View screenshot above) to validate a SecOps parser for the detected log type.

  3. Review the dropdown for parsed events or validation errors.

Validate SecOps Parser requires a connected Google SecOps Integration in your Bindplane project.
