https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100864#M99630 <P>Sure. Thanks for the quick response.</P><P>&nbsp;</P><P>So we have some custom scripts in place that parse any number of feeds, normalize the data, and feed it into our log analysis solution. For each feed we extract date, source_name, ioc_desc, ioc. We then add category, ioc_type, confidence. I'm looking to replace soem of our custom scripts with this, but I'm having trouble getting the data back out in that format.&nbsp;</P><P>&nbsp;</P><P>I can do teh parsing just fine with teh miners, filter/aggregate with the processors, but I can't get the output to limit the fields and send it in tsv/csv/syslog format as is. Poking around in the flask part of the code I was able to tweak the feedredis.py to output in tsv&nbsp;&nbsp;- just not sure if thats the best&nbsp;way to do it. Also a little stuck on how to specify field filters in teh output.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 29 Jul 2016 01:02:48 GMT kx1499 2016-07-29T01:02:48Z https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100778#M99628 <P>I'm looking to output feeds to a format that I can ingest in some log analysis tools, and need to output fields that I have defined in miners. Is there any information on how to access that data and output it?</P> Thu, 28 Jul 2016 02:23:26 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100778#M99628 kx1499 2016-07-28T02:23:26Z https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100789#M99629 <P>Could give us more details about the format and fields your log analsys platform could ingest ?</P> Thu, 28 Jul 2016 08:23:03 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100789#M99629 lmori 2016-07-28T08:23:03Z https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100864#M99630 <P>Sure. Thanks for the quick response.</P><P>&nbsp;</P><P>So we have some custom scripts in place that parse any number of feeds, normalize the data, and feed it into our log analysis solution. For each feed we extract date, source_name, ioc_desc, ioc. We then add category, ioc_type, confidence. I'm looking to replace soem of our custom scripts with this, but I'm having trouble getting the data back out in that format.&nbsp;</P><P>&nbsp;</P><P>I can do teh parsing just fine with teh miners, filter/aggregate with the processors, but I can't get the output to limit the fields and send it in tsv/csv/syslog format as is. Poking around in the flask part of the code I was able to tweak the feedredis.py to output in tsv&nbsp;&nbsp;- just not sure if thats the best&nbsp;way to do it. Also a little stuck on how to specify field filters in teh output.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 29 Jul 2016 01:02:48 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100864#M99630 kx1499 2016-07-29T01:02:48Z https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100879#M99631 <P>Hi kx1499,</P> <P>feedredis.py could be the best place to do this. I think the best way to restrict field is sending the required fields as a URL parameter. Do you have an example of the tsv output format required by your log analysis tool ? Is the log analysis tool a commercial solution&nbsp;?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>luigi</P> Fri, 29 Jul 2016 07:55:48 GMT https://live.paloaltonetworks.com/t5/general-topics/help-on-csv-output-feed/m-p/100879#M99631 lmori 2016-07-29T07:55:48Z