Parser Content

{
Name = ibm-mainframe-json-user-disable-success-suspendedon
   Conditions = [ """"MFSOURCETYPE":"SYSLOG"""", """"MSGTXT":"""", """ was suspended on """ ]
   Fields = ${IBMParsersTemplates.ibm-mainframe-events.Fields}[
     """({event_name}suspended)""",
     """"MSGTXT":"[^"]+?\sUserID ({user}[^"\s]+)\sfor""""
   ]
   ParserVersion = "v1.0.0"

ibm-mainframe-events {
    Vendor = IBM
    Product = IBM Mainframe
    TimeFormat = "yyyy-MM-dd HH:mm:ss.SS Z"
    Fields = [ 
      """"DATETIME":"({time}\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d\.\d{2}\s(\+|\-)\d{4}?)"""",
	  """"ACTION":"({severity}[^"]+?)"""", 
      """"MSGNUM":"({event_code}[^"]+?)"""",
      """"MSGTXT":"({additional_info}[^"]+?)"""" 
    
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pC_ibmmainframejsonuserdisablesuccesssuspendedon.md

pC_ibmmainframejsonuserdisablesuccesssuspendedon.md

Parser Content

Files

pC_ibmmainframejsonuserdisablesuccesssuspendedon.md

Latest commit

History

pC_ibmmainframejsonuserdisablesuccesssuspendedon.md

File metadata and controls

Parser Content