Change log for DATADOG
Date | Changes |
---|---|
2025-06-19 | Enhancement:
- Added support to parse array JSON logs into multiple events instead of a single event.
- When has_principal is true and has_target is true then mapped to `NETWORK_CONNECTION`.
- event.idm.read_only_udm.security_result.severity_details: Newly mapped `status` raw log field with `event.idm.read_only_udm.security_result.severity_details` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `record.attributes.user` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `eventType` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- event.idm.read_only_udm.principal.ip: Newly mapped `ipAddress` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `ipAddress` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `threadID` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.security_result.severity: Newly mapped `status` raw log field with `event.idm.read_only_udm.security_result.severity` UDM field.
- event.idm.read_only_udm.principal.application: Newly mapped `service` raw log field with `event.idm.read_only_udm.principal.application` UDM field.
- event.idm.read_only_udm.metadata.description: Newly mapped `eventMessage` raw log field with `event.idm.read_only_udm.metadata.description` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `tags` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.target.user.userid: Newly mapped `record.attributes.contextMap.userId` raw log field with `event.idm.read_only_udm.target.user.userid` UDM field.
- event.idm.read_only_udm.principal.user.userid: Newly mapped `record.attributes.contextMap.user` raw log field with `event.idm.read_only_udm.principal.user.userid` UDM field.
- event.idm.read_only_udm.metadata.product_event_type: Newly mapped `record.attributes.contextMap.eventType` raw log field with `event.idm.read_only_udm.metadata.product_event_type` UDM field.
- event.idm.read_only_udm.network.http.user_agent: Newly mapped `record.attributes.contextMap.userAgent` raw log field with `event.idm.read_only_udm.network.http.user_agent` UDM field.
- event.idm.read_only_udm.network.http.parsed_user_agent: Newly mapped `record.attributes.contextMap.userAgent` raw log field with `event.idm.read_only_udm.network.http.parsed_user_agent` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.attributes.contextMap.tradingAccountId` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.principal.ip: Newly mapped `principal_ip_address` raw log field with `event.idm.read_only_udm.principal.ip` UDM field.
- event.idm.read_only_udm.principal.asset.ip: Newly mapped `principal_ip_address` raw log field with `event.idm.read_only_udm.principal.asset.ip` UDM field.
- event.idm.read_only_udm.target.ip: Newly mapped `target_ip_address` raw log field with `event.idm.read_only_udm.target.ip` UDM field.
- event.idm.read_only_udm.target.asset.ip: Newly mapped `target_ip_address` raw log field with `event.idm.read_only_udm.target.asset.ip` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.attributes.contextMap.cfRay` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.attributes.contextMap.symbol` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.target.platform_version: Newly mapped `record.attributes.contextMap.dd.version` raw log field with `event.idm.read_only_udm.target.platform_version` UDM field.
- event.idm.read_only_udm.target.resource.type: Newly mapped `record.attributes.contextMap.dd.env` raw log field with `event.idm.read_only_udm.target.resource.type` UDM field.
- event.idm.read_only_udm.target.application: Newly mapped `record.attributes.contextMap.dd.service` raw log field with `event.idm.read_only_udm.target.application` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `record.attributes.logger` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `record.attributes.loggerFqcn` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.metadata.product_log_id: Newly mapped `record.attributes.threadId` raw log field with `event.idm.read_only_udm.metadata.product_log_id` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.trace_id` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.span_id` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.additional.fields: Newly mapped `record.service` raw log field with `event.idm.read_only_udm.additional.fields` UDM field.
- event.idm.read_only_udm.security_result.about.resource.attribute.labels: Newly mapped `record.attributes.level` raw log field with `event.idm.read_only_udm.security_result.about.resource.attribute.labels` UDM field.
- event.idm.read_only_udm.principal.hostname: Newly mapped `record.host` raw log field with `event.idm.read_only_udm.principal.hostname` UDM field. |
2025-03-06 | Enhancement:
- Added support to parse JSON array logs to multiple events rather than a single event. |
2025-02-21 | Enhancement:
- Added support for new format of JSON logs. |
2025-01-31 | Added support for new format of JSON logs.
|
2023-07-21 | Newly created parser.
|