Skip to main content
Skip table of contents

Text Processors

The Message Interpreter allows you to apply additional text processors to individual data elements within the overall message format. Axon supports the following text processors:

  • Any Text
  • Bracketed Value
  • CEF (Common Event Format)
  • CVE (Common Vulnerabilities and Exposures ID)
  • Double Mac
  • DSV (Delimited Separated Value)
  • Duration
  • Email
  • Enum
  • File Path
  • Integer
  • IP
  • JSON
  • Kebab
  • Key Value
  • MAC
  • MD5
  • Quoted
  • SHA1
  • SHA256
  • SHA512
  • Timestamp
  • URL
  • UUID
  • WEL (Windows Event Log)
  • Windows DNS Name
  • XML

Text Processor Configurations

Some text processors require you to specify certain configuration values, like delimiter, encapsulator, and escape character.

The following sections provide guidance for the text processors that require specifications.

Bracketed Value

Bracketed TypeFormat Example
SQUARE

[square] 

CURLY{curly}
PAREN(parenthesis)
ANGLE<angle>

DSV (Delimited Separated Value)

DSV TypeFormat Example Description
CUSTOM

User defined

User defines:

  • Delimiter
  • (Optional) Encapsulator
  • (Optional) Escape Character
CSV_QUOTEfield1,field2,"field3"

Delimiter: comma

Encapsulator: quote

CSV_TICKfield1,field2,'field3'

Delimiter: comma

Encapsulator: quote

SEMICOLON_QUOTEfield1;field2;"field3"

Delimiter: semicolon

Encapsulator: quote

SEMICOLON_TICKfield1;field2;'field3'

Delimiter: semicolon

Encapsulator: tick

COLON_QUOTEfield1:field2:"field3"

Delimiter: colon

Encapsulator: quote

COLON_TICKfield1:field2:'field3'

Delimiter: colon

Encapsulator: tick

PIPE_QUOTEfield1|field2|"field3"

Delimiter: pipe

Encapsulator: quote

PIPE_TICKfield1|field2|'field3'

Delimiter: pipe

Encapsulator: tick

Duration

Duration TypeFormat Example
CUSTOMUser defined
HMSHH:MM:SS
DHMSDD:HH:MM:SS

File Path

File Path TypeFormat Example
UNIX/usr/local/bin/java
WINDOWSC:\Program Files\Executable\execute.exe

Key Value

Key Value TypeFormat ExampleDescription
CUSTOM

User defined

Required
  • KV Pair Delimiter
  • Permissive Mode
Optional
  • KV Delimiter
  • Value Open Encapsulator
  • Value Close Encapsulator
  • Key Close Encapsulator
  • Key Open Encapsulator
  • Value Escape Character
CISCOCisco formatN/A
CHECKPOINTCheckpoint formatN/A
KEY_EQ_VAL_COMMAfield1=value1,field2=value2Delimiter: comma
KEY_EQ_VAL_SEMICOLONfield1=value1;field2=value2Delimiter: semicolon
KEY_EQ_VAL_PIPEfield1=value1|field2=value2Delimiter: pipe
KEY_EQ_VAL_SLASHfield1=value1\field2=value2Delimiter: slash
KEY_EQ_VAL_SPACEfield1=value1 field2=value2Delimiter: space
KEY_EQ_VAL_TABfield1=value1<tab>field2=value2Delimiter: tab

MAC

MAC TypeFormat Example
COLON_PAIRS

a1:b2:c3:d4:e5:f6

DASH_PAIRSa1-b2-c3-d3-e4-f5
SPACE_PAIRSa1 b2 c3 d4 e5 f6
NO_DELIMa1b2c3d4e5f6

Timestamp

Timestamp Type

Format Example

CUSTOM

User defined
ISO86012015-11-12T00:24:35.079785200Z
EPOCH_SECONDS1645821859
EPOCH_MILLIS

1645821859000

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close