Administration GuideMapping and ParsingHow to Create a Message Parsing File › Analyze the XMP File

Previous Topic: Export Parsing Tokens

Next Topic: How to Create a Data Mapping File

Analyze the XMP File

You can use the Message Parsing utility to analyze your new or edited file and determine how effective the parsing file is against the sample events. Analysis lets you make modifications to improve the efficacy of the file before saving it.

The utility analyzes an XMP file against your selected sample event set using the following process:

  1. Locating all events containing the prematch strings defined in the XMP file. The utility runs a separate search for each prematch string, finding all events containing that string.
  2. Finding the first parsing filter for each of the prematched events that can parse the event into tokens.

To analyze the XMP file

Open the parsing wizard and advance to the Parsing Analysis step. The wizard displays the number of matches for the prematch strings and filters. The more matches you have, the more efficient the new or edited XMP file will be. This also allows you to determine if there is any significant information that remains unparsed.

The XMP analysis can take some time to process if the XMP file and the number of sample events are both large. It should not usually take over a minute. You can cancel this process if it is taking too long and then re-analyze using a smaller number of events.

When you create a new rule, it is saved as version 1.0. If you later rule edit the rule, a separate copy of the rule is stored as a new version. You can view earlier versions, and apply or copy them as needed.