Change log for IBM_I
| Date | Changes | 
|---|---|
| 2025-07-30 | Enhancement: - Modified the grok pattern on "message" field to parse "sequence_number", "job_reference_id", "job_name", "job_user", "prin_host" correctly. - Added grok patterns on "msg1" field to parse "system_value_parameters". - Removed a grok pattern on "msg1" field. - Modified a conditional check from "PW" to ",PW," that is used before grok pattern. - event.idm.read_only_udm.metadata.product_event_type: Newly mapped "eventtype" field with "event.idm.read_only_udm.metadata.product_event_type" UDM field. - event.idm.read_only_udm.target.resource.id: Newly mapped "job_reference_id" field with "event.idm.read_only_udm.target.resource.id" UDM field. - event.idm.read_only_udm.target.process.command_line: Newly mapped "job_name" field with "event.idm.read_only_udm.target.process.command_line" UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped "job_user", "sequence_number" fields with "event.idm.read_only_udm.additional.fields" UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped "system_value_parameters" field with "event.idm.read_only_udm.target.resource.attribute.labels" UDM field. |
| 2025-04-11 | Enhancement: - Added Grok patterns to parse the new log format of Syslog. - Mapped "time" to "yyyy-MM-dd-HH.mm.ss". - Modified the grok pattern for "PW" type of logs to map "prin_host" to "principal.hostname" and "principal.asset.hostname". - If "eventtype" is "CO" and "has_principal_user" is true and "has_target_user" is true then mapped "event.idm.read_only_udm.metadata.event_type" to "USER_RESOURCE_UPDATE_CONTENT". - If "eventtype" is "OR" and "has_principal_user" is true and "has_target_user" is true then mapped "event.idm.read_only_udm.metadata.event_type" to "USER_RESOURCE_ACCESS". - If "eventtype" is "ZC" and "has_principal_user" is true and "has_target_user" is true then mapped "event.idm.read_only_udm.metadata.event_type" to "USER_RESOURCE_UPDATE_CONTENT". - If "eventtype" is "ZR" and "has_principal_user" is true and "has_target_user" is true then mapped "event.idm.read_only_udm.metadata.event_type" to "USER_RESOURCE_DELETION". - If "eventtype" is "DO" and "has_principal_user" is true and "has_target_user" is true then mapped "event.idm.read_only_udm.metadata.event_type" to "STATUS_UPDATE". | 
| 2025-04-07 | Enhancement: - event.idm.read_only_udm.additional.fields: Newly mapped `jrn_seq` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `job_number` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `admin_user` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.security_result.detection_fields: Newly mapped `auth_user` raw log field with `event.idm.read_only_udm.security_result.detection_fields` UDM field. - event.idm.read_only_udm.additional.fields: Newly mapped `cmd_type` raw log field with `event.idm.read_only_udm.additional.fields` UDM field. - event.idm.read_only_udm.target.resource.name: Newly mapped `object` raw log field with `event.idm.read_only_udm.target.resource.name` UDM field. - event.idm.read_only_udm.target.resource.type: Newly mapped `object_type` raw log field with `event.idm.read_only_udm.target.resource.type` UDM field. - event.idm.read_only_udm.target.resource.attribute.labels: Newly mapped `object_library` raw log field with `event.idm.read_only_udm.target.resource.attribute.labels` UDM field. - Added a conditional check before setting "has_user" flag to "true" when "no_user_id" or "user_id" is empty. - Added a conditional check to set "event.idm.read_only_udm.metadata.event_type" to "USER_UNCATEGORIZED". |
| 2025-03-03 | Enhancement: - Added Grok patterns to parse the new log format of Syslog. - Mapped "prin_host" to "principal.hostname" and "principal.asset.hostname". - Mapped "prin_pid" to "principal.process.pid". - Mapped "prin_resource" to "principal.resource.name". - Mapped "prin_user" to "principal.user.userid". - Mapped "tar_pid" to "target.process.pid". - Mapped "tar_host" to "target.hostname" and "target.asset.hostname". | 
| 2024-07-03 | Enhancement: - Added support for the new log format. | 
| 2024-03-18 | - Newly created parser. |