I am a new user of ELK. I am trying to understand how SIEM parser «1» works.
In the filter block I see:
Mcs is the service of the agent that picks up Windows logs.
I don’t understand what load_source_mapper_filters is. Where can it be? I don’t see any headers or included libraries in parser «1».
Maybe there is some kind of built-in library of functions from which parsers can deliver information. Or maybe there is some library of user-defined functions.
I didn't find a description in the official manual.
Please, please help.