Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 755F1200ACC for ; Mon, 2 May 2016 19:26:58 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 741731609B0; Mon, 2 May 2016 19:26:58 +0200 (CEST) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 00D331609A6 for ; Mon, 2 May 2016 19:26:55 +0200 (CEST) Received: (qmail 41071 invoked by uid 500); 2 May 2016 17:26:55 -0000 Mailing-List: contact commits-help@metron.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@metron.incubator.apache.org Delivered-To: mailing list commits@metron.incubator.apache.org Received: (qmail 41061 invoked by uid 99); 2 May 2016 17:26:55 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 May 2016 17:26:55 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id ABDB1C04B9 for ; Mon, 2 May 2016 17:26:54 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -3.221 X-Spam-Level: X-Spam-Status: No, score=-3.221 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id bWySI3Y0IYAf for ; Mon, 2 May 2016 17:26:44 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by 
mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with SMTP id 772FC5F488 for ; Mon, 2 May 2016 17:26:43 +0000 (UTC) Received: (qmail 40941 invoked by uid 99); 2 May 2016 17:26:42 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 02 May 2016 17:26:42 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 93221DFDC3; Mon, 2 May 2016 17:26:42 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: rmerriman@apache.org To: commits@metron.incubator.apache.org Date: Mon, 02 May 2016 17:26:43 -0000 Message-Id: <7938521048974dcdad4f733f5db2fb04@git.apache.org> In-Reply-To: <2ce8dbbf49e942efa46a6e4c73b934cb@git.apache.org> References: <2ce8dbbf49e942efa46a6e4c73b934cb@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [2/3] incubator-metron git commit: METRON-122 Create generic unit test framework for testing grok statements (merrimanr) closes apache/incubator-metron#96 archived-at: Mon, 02 May 2016 17:26:58 -0000 http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed ----------------------------------------------------------------------
diff --git a/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed
new file mode 100644
index 0000000..201c972
--- /dev/null
+++ b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/BluecoatParsed
@@ -0,0 +1,144 @@ +{"eid":"WJS310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"u62206","original_string":"<29>Apr 14 
20:31:07 ProxySG: 250017 Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.113.216.196","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"CXI886","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.221.164: user 'CXI886' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.221.164","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.221.164: user 'CXI886' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"CXI886","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.221.164: user 'CXI886' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.221.164","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.127.221.164: user 'CXI886' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed 
from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\uzl193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: 
user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=FJL928,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=FJL928,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) 
NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UZL193,OU=User Lock Policy 00,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"0,OU=Al","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UZL193,OU=User Lock Policy 00,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 
113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=EPL857,OU=User Lock Policy 05,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"5,OU=Al","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=EPL857,OU=User Lock Policy 05,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\sdq302","original_string":"<29>Apr 14 
20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'LOCAL\\sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.216.106: user 'LOCAL\\sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'LOCAL\\kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'LOCAL\\kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 
ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=SDQ302,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=SDQ302,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'sdq302' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.127.216.106: user 'sdq302' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 
10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\dkg773","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.120.144.20: user 'LOCAL\\dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.120.144.20","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.120.144.20: user 'LOCAL\\dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"dkg773","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.120.144.20: user 'dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.120.144.20","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.120.144.20: user 'dkg773' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm 
AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 
113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 
113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"dkg773","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.120.144.20: user 'dkg773' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.120.144.20","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.120.144.20: user 'dkg773' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 
250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\uua398","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.219.193: user 'LOCAL\\uua398' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.219.193","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.219.193: user 'LOCAL\\uua398' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 
10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:06 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) 
NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683866000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:06 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683866000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\wjs310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'LOCAL\\wjs310' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.29.36: user 'LOCAL\\wjs310' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 
113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=WJS310,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=WJS310,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 
2833","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"WJS310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"WJS310","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.29.36","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.29.36: user 'WJS310' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"LOCAL\\yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'LOCAL\\yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.216.222: user 'LOCAL\\yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"yaw983","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.216.222","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.216.222: user 'yaw983' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\u62206","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.113.216.196: user 'LOCAL\\u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.113.216.196","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.113.216.196: user 'LOCAL\\u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"qwn225","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.115.220.223","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.115.220.223: user 'qwn225' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250001 LDAP: Authentication failed from 10.113.216.196: no such user in realm 'AD_ldap'(102089) NORMAL_EVENT realm_ldap.cpp 2634","event_type":"authentication failure","event_code":"250001","designated_host":"10.113.216.196","realm":"AD_ldap","priority":"29","message":" LDAP: Authentication failed from 10.113.216.196: no such user in realm 'AD_ldap'(102089) NORMAL_EVENT realm_ldap.cpp 2634","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ags432","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.114.217.29","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.114.217.29: user 'ags432' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'LOCAL\\fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.218.165.248: user 'LOCAL\\fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 
ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: 
user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"fjl928","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.218.165.248","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.218.165.248: user 'fjl928' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 
113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'LOCAL\\epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.210.223.65: user 'LOCAL\\epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"XGZ521","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.119.223.52","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.119.223.52: user 'XGZ521' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"ugs662","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.152.102.72","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.152.102.72: user 'ugs662' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.210.223.65","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.210.223.65","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"epl857","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.210.223.65","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.210.223.65: user 'epl857' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"sdq302","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.127.216.106","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.127.216.106: user 'sdq302' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication 
failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"original_string":"<29>Apr 14 20:31:07 ProxySG: 250018 LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UUA398,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","event_type":"authentication failure","event_code":"250018","realm":"AD_ldap","priority":"29","message":" LDAP: invalid credentials: reason: '80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772' dn: 'CN=UUA398,OU=Developers,OU=All Users,DC=cof,DC=ds,DC=capitalone,DC=com' realm: 'AD_ldap'(2425130) NORMAL_EVENT realm_ldap.cpp 2833","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"uua398","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.219.193","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"LOCAL\\uzl193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'LOCAL\\uzl193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"UZL193","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.29.228","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.118.29.228: user 'UZL193' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} 
+{"eid":"vwv149","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.212.21.253","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.212.21.253: user 'vwv149' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"uua398","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.118.219.193","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.118.219.193: user 'uua398' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"kon313","original_string":"<29>Apr 14 20:31:07 ProxySG: 250017 Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.219.15.104","realm":"AD_ldap","priority":"29","message":" Authentication failed from 10.219.15.104: user 'kon313' (realm AD_ldap)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} +{"eid":"u62206","original_string":"<29>Apr 14 20:31:07 
ProxySG: 250017 Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","event_type":"authentication failure","event_code":"250017","designated_host":"10.113.216.196","realm":"iwa_realm","priority":"29","message":" Authentication failed from 10.113.216.196: user 'u62206' (realm iwa_realm)(0) NORMAL_EVENT authutility.cpp 113","timestamp":1460683867000,"source.type":"bluecoat"} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed ---------------------------------------------------------------------- diff --git a/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed new file mode 100644 index 0000000..9643c25 --- /dev/null +++ b/metron-platform/metron-integration-test/src/main/resources/sample/data/SampleParsed/SquidExampleParsed 
@@ -0,0 +1,2 @@ +{"elapsed":161,"code":200,"ip_dst_addr":"199.27.79.73","original_string":"1461576382.642 161 127.0.0.1 TCP_MISS\/200 103701 GET http:\/\/www.cnn.com\/ - DIRECT\/199.27.79.73 text\/html","method":"GET","bytes":103701,"action":"TCP_MISS","ip_src_addr":"127.0.0.1","url":"cnn.com","timestamp":1461576382642,"source.type":"squid"} +{"elapsed":159,"code":200,"ip_dst_addr":"66.210.41.9","original_string":"1461576442.228 159 127.0.0.1 TCP_MISS\/200 137183 GET http:\/\/www.nba.com\/ - DIRECT\/66.210.41.9 text\/html","method":"GET","bytes":137183,"action":"TCP_MISS","ip_src_addr":"127.0.0.1","url":"nba.com","timestamp":1461576442228,"source.type":"squid"} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test ---------------------------------------------------------------------- diff --git a/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test b/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test new file mode 100644 index 0000000..a88a255 --- /dev/null +++ b/metron-platform/metron-integration-test/src/main/resources/sample/patterns/test 
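Review bot: Both expected records reduce the requested URL to a bare registrable name (`"url":"cnn.com"` for `http:\/\/www.cnn.com\/`, `"url":"nba.com"` for `http:\/\/www.nba.com\/`), so the scheme, the `www` host label and the path survive only inside `original_string`. If that is what SQUID_DELIMITED is meant to emit, it is worth stating next to the pattern, because matching proxy traffic against host or URL indicators then needs `original_string`. The fixture also holds only two `TCP_MISS/200` GET lines. A denied request, a CONNECT line and a malformed line would pin how the parser behaves on the inputs that matter most for detection.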
@@ -0,0 +1,2 @@ +YAF_TIME_FORMAT %{YEAR:UNWANTED}-%{MONTHNUM:UNWANTED}-%{MONTHDAY:UNWANTED}[T ]%{HOUR:UNWANTED}:%{MINUTE:UNWANTED}:%{SECOND:UNWANTED} +YAF_DELIMITED %{NUMBER:start_time}\|%{YAF_TIME_FORMAT:end_time}\|%{SPACE:UNWANTED}%{BASE10NUM:duration}\|%{SPACE:UNWANTED}%{BASE10NUM:rtt}\|%{SPACE:UNWANTED}%{INT:protocol}\|%{SPACE:UNWANTED}%{IP:ip_src_addr}\|%{SPACE:UNWANTED}%{INT:ip_src_port}\|%{SPACE:UNWANTED}%{IP:ip_dst_addr}\|%{SPACE:UNWANTED}%{INT:ip_dst_port}\|%{SPACE:UNWANTED}%{DATA:iflags}\|%{SPACE:UNWANTED}%{DATA:uflags}\|%{SPACE:UNWANTED}%{DATA:riflags}\|%{SPACE:UNWANTED}%{DATA:ruflags}\|%{SPACE:UNWANTED}%{WORD:isn}\|%{SPACE:UNWANTED}%{DATA:risn}\|%{SPACE:UNWANTED}%{DATA:tag}\|%{GREEDYDATA:rtag}\|%{SPACE:UNWANTED}%{INT:pkt}\|%{SPACE:UNWANTED}%{INT:oct}\|%{SPACE:UNWANTED}%{INT:rpkt}\|%{SPACE:UNWANTED}%{INT:roct}\|%{SPACE:UNWANTED}%{INT:app}\|%{GREEDYDATA:end_reason} http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/pom.xml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-parsers/pom.xml b/metron-platform/metron-parsers/pom.xml index 0462ba9..2630ef3 100644 --- a/metron-platform/metron-parsers/pom.xml +++ b/metron-platform/metron-parsers/pom.xml @@ -48,6 +48,17 @@ + org.apache.hadoop + hadoop-hdfs + ${global_hadoop_version} + + + servlet-api + javax.servlet + + + + org.apache.hbase hbase-client ${global_hbase_version} http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml b/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml new file mode 100644 index 0000000..1f2cd14 --- /dev/null +++ b/metron-platform/metron-parsers/src/main/flux/bluecoat/remote.yaml 
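Review bot: In `YAF_DELIMITED` the `rtag` column is captured with `%{GREEDYDATA:rtag}` in the middle of a pipe-delimited record, and none of the `DATA`/`GREEDYDATA` captures excludes `|`. A line with an extra or missing column can therefore be matched with shifted field boundaries rather than rejected, and the greedy capture has to backtrack across the rest of the line. I would write that column as `%{DATA:rtag}` like its neighbour `tag`, keep `GREEDYDATA` only for the final `end_reason`, and anchor the expression with `^` and `$`. A fixture line with a wrong column count would show whether such records fail to parse or land in the wrong fields.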
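Review bot: The added `hadoop-hdfs` dependency shows no scope (the XML markup is stripped in this rendering, but no scope value appears among the surviving text), so it would default to compile scope with only `servlet-api` excluded. That puts the HDFS client and its transitive tree on the parser module's classpath. It is worth checking `mvn dependency:tree` for duplicated or conflicting artifacts. If the cluster already supplies the Hadoop jars, declaring `<scope>provided</scope>` keeps them out of the topology artifact. Whether this module is shaded into an uber-jar is not visible from the hunk.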
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "bluecoat"
+config:
+ topology.workers: 1
+
+components:
+ - id: "parser"
+ className: "org.apache.metron.parsers.bluecoat.BasicBluecoatParser"
+ - id: "writer"
+ className: "org.apache.metron.parsers.writer.KafkaWriter"
+ constructorArgs:
+ - "${kafka.broker}"
+ - id: "zkHosts"
+ className: "storm.kafka.ZkHosts"
+ constructorArgs:
+ - "${kafka.zk}"
+ - id: "kafkaConfig"
+ className: "storm.kafka.SpoutConfig"
+ constructorArgs:
+ # zookeeper hosts
+ - ref: "zkHosts"
+ # topic name
+ - "bluecoat"
+ # zk root
+ - ""
+ # id
+ - "bluecoat"
+ properties:
+ - name: "ignoreZkOffsets"
+ value: true
+ - name: "startOffsetTime"
+ value: -1
+ - name: "socketTimeoutMs"
+ value: 1000000
+
+spouts:
+ - id: "kafkaSpout"
+ className: "storm.kafka.KafkaSpout"
+ constructorArgs:
+ - ref: "kafkaConfig"
+
+bolts:
+ - id: "parserBolt"
+ className: "org.apache.metron.parsers.bolt.ParserBolt"
+ constructorArgs:
+ - "${kafka.zk}"
+ - "bluecoat"
+ - ref: "parser"
+ - ref: "writer"
+
+streams:
+ - name: "spout -> bolt"
+ from: "kafkaSpout"
+ to: "parserBolt"
+ grouping:
+ type: SHUFFLE
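Review bot: In the `kafkaConfig` properties of this remote topology, `ignoreZkOffsets` is `true` and `startOffsetTime` is `-1`. As I read storm-kafka, that makes the spout disregard its committed offsets and start from the latest offset on every (re)deploy. Bluecoat events produced while the topology is down or being redeployed would then never be parsed, which for an authentication-failure feed is a silent gap in the record. For the remote flavour I would set `value: false` under `ignoreZkOffsets` so a restart resumes from the committed offset. squid/remote.yaml in this commit carries the same pair of settings. A short comment explaining why `socketTimeoutMs` is `1000000` would also help the next reader.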
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml b/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml new file mode 100644 index 0000000..f1016e6 --- /dev/null +++ b/metron-platform/metron-parsers/src/main/flux/bluecoat/test.yaml 
@@ -0,0 +1,72 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: "bluecoat-test"
+config:
+ topology.workers: 1
+
+
+components:
+ - id: "parser"
+ className: "org.apache.metron.parsers.bluecoat.BasicBluecoatParser"
+ - id: "writer"
+ className: "org.apache.metron.parsers.writer.KafkaWriter"
+ constructorArgs:
+ - "${kafka.broker}"
+ - id: "zkHosts"
+ className: "storm.kafka.ZkHosts"
+ constructorArgs:
+ - "${kafka.zk}"
+ - id: "kafkaConfig"
+ className: "storm.kafka.SpoutConfig"
+ constructorArgs:
+ # zookeeper hosts
+ - ref: "zkHosts"
+ # topic name
+ - "bluecoat"
+ # zk root
+ - ""
+ # id
+ - "bluecoat"
+ properties:
+ - name: "ignoreZkOffsets"
+ value: true
+ - name: "startOffsetTime"
+ value: -2
+ - name: "socketTimeoutMs"
+ value: 1000000
+
+spouts:
+ - id: "kafkaSpout"
+ className: "storm.kafka.KafkaSpout"
+ constructorArgs:
+ - ref: "kafkaConfig"
+
+bolts:
+ - id: "parserBolt"
+ className: "org.apache.metron.parsers.bolt.ParserBolt"
+ constructorArgs:
+ - "${kafka.zk}"
+ - "bluecoat"
+ - ref: "parser"
+ - ref: "writer"
+
+streams:
+ - name: "spout -> bolt"
+ from: "kafkaSpout"
+ to: "parserBolt"
+ grouping:
+ type: SHUFFLE
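Review bot: The test topology's `SpoutConfig` reuses the remote file's zk root `""` and spout id `"bluecoat"`, so if both flavours are ever pointed at the same ZooKeeper they would commit offsets under the same path. I would give the test spout its own id, for example `- "bluecoat-test"` under the `# id` comment, matching the topology name this file already uses. squid/test.yaml has the same shared id (`"squid"`) and also keeps the topology name `"squid"` from its remote counterpart, so a `"squid-test"` name would be consistent there. Apart from the name and `startOffsetTime`, this file is a line-for-line copy of bluecoat/remote.yaml. A header comment saying which values are meant to differ would keep the two from drifting.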
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml b/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml new file mode 100644 index 0000000..119f03e --- /dev/null +++ b/metron-platform/metron-parsers/src/main/flux/squid/remote.yaml 
@@ -0,0 +1,78 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "squid" +config: + topology.workers: 1 + +components: + - id: "parser" + className: "org.apache.metron.parsers.GrokParser" + constructorArgs: + - "/apps/metron/patterns/squid" + - "SQUID_DELIMITED" + configMethods: + - name: "withTimestampField" + args: + - "timestamp" + - id: "writer" + className: "org.apache.metron.parsers.writer.KafkaWriter" + constructorArgs: + - "${kafka.broker}" + - id: "zkHosts" + className: "storm.kafka.ZkHosts" + constructorArgs: + - "${kafka.zk}" + - id: "kafkaConfig" + className: "storm.kafka.SpoutConfig" + constructorArgs: + # zookeeper hosts + - ref: "zkHosts" + # topic name + - "squid" + # zk root + - "" + # id + - "squid" + properties: + - name: "ignoreZkOffsets" + value: true + - name: "startOffsetTime" + value: -1 + - name: "socketTimeoutMs" + value: 1000000 + +spouts: + - id: "kafkaSpout" + className: "storm.kafka.KafkaSpout" + constructorArgs: + - ref: "kafkaConfig" + +bolts: + - id: "parserBolt" + className: "org.apache.metron.parsers.bolt.ParserBolt" + constructorArgs: + - "${kafka.zk}" + - "squid" + - ref: "parser" + - ref: "writer" + +streams: + - name: "spout -> bolt" + from: "kafkaSpout" + to: "parserBolt" + grouping: + 
type: SHUFFLE http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/squid/test.yaml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-parsers/src/main/flux/squid/test.yaml b/metron-platform/metron-parsers/src/main/flux/squid/test.yaml new file mode 100644 index 0000000..77893d2 --- /dev/null +++ b/metron-platform/metron-parsers/src/main/flux/squid/test.yaml 
@@ -0,0 +1,78 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: "squid" +config: + topology.workers: 1 + +components: + - id: "parser" + className: "org.apache.metron.parsers.GrokParser" + constructorArgs: + - "../metron-parsers/src/main/resources/patterns/squid" + - "SQUID_DELIMITED" + configMethods: + - name: "withTimestampField" + args: + - "timestamp" + - id: "writer" + className: "org.apache.metron.parsers.writer.KafkaWriter" + constructorArgs: + - "${kafka.broker}" + - id: "zkHosts" + className: "storm.kafka.ZkHosts" + constructorArgs: + - "${kafka.zk}" + - id: "kafkaConfig" + className: "storm.kafka.SpoutConfig" + constructorArgs: + # zookeeper hosts + - ref: "zkHosts" + # topic name + - "squid" + # zk root + - "" + # id + - "squid" + properties: + - name: "ignoreZkOffsets" + value: false + - name: "startOffsetTime" + value: -2 + - name: "socketTimeoutMs" + value: 1000000 + +spouts: + - id: "kafkaSpout" + className: "storm.kafka.KafkaSpout" + constructorArgs: + - ref: "kafkaConfig" + +bolts: + - id: "parserBolt" + className: "org.apache.metron.parsers.bolt.ParserBolt" + constructorArgs: + - "${kafka.zk}" + - "squid" + - ref: "parser" + - ref: "writer" + +streams: + - name: "spout -> bolt" + from: "kafkaSpout" + to: 
"parserBolt" + grouping: + type: SHUFFLE http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/645d8292/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml ---------------------------------------------------------------------- diff --git a/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml b/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml index 0f6031c..e2985b8 100644 --- a/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml +++ b/metron-platform/metron-parsers/src/main/flux/yaf/test.yaml @@ -35,9 +35,6 @@ components: - name: "withDateFormat" args: - "yyyy-MM-dd HH:mm:ss.S" - - name: "withMetronHDFSHome" - args: - - "" - id: "writer" className: "org.apache.metron.parsers.writer.KafkaWriter" constructorArgs: