Custom Property Types
You can create a custom property type.
When you create a custom property, you can choose to create a Regex or a calculated property type.
Using regular expression (Regex) statements, you can extract unnormalized data from event or flow payloads.
For example, a report is created to report all users who make user permission changes on an Oracle server. A list of users and the number of times they made a change to the permission of another account is reported. However, typically the actual user account or permission that was changed cannot display. You can create a custom property to extract this information from the logs, and then use the property in searches and reports. Use of this feature requires advanced knowledge of regular expressions (regex).
Regex defines the field that you want to become the custom property. After you enter a regex statement, you can validate it against the payload. When you define custom regex patterns, adhere to regex rules as defined by the Java programming language.
For more information, you can refer to regex tutorials available on the web. A custom property can be associated with multiple regular expressions.
When an event or flow is parsed, each regex pattern is tested on the event or flow until a regex pattern matches the payload. The first regex pattern to match the event or flow payload determines the data to be extracted.
Using calculation-based custom properties, you can perform calculations on existing numeric event or flow properties to produce a calculated property.
For example, you can create a property that displays a percentage by dividing one numeric property by another numeric property.
