Joash Lewis
Who am I and why should you listen to me about log parsing?
For the past 4 1/2 years I've been a Security Operations Centre Analyst.
I've worked with some pretty big SIEM installations (hundreds of millions of events per day) for some pretty big organisations (NATO, for example).
Along the way I've had to get my hands dirty on quite a few occasions in what can reasonably be labelled the heart of the SIEM - its log parsing rules.
When I'm not tinkering with regex or poking malware to see what events it creates, I entertain myself by trying to hit people with swords. I also sometimes play video games.