minor fix

Author: JV0812

docs/manage/field-extractions/fer-templates/akamai-cloud-monitor.md

@@ -79,7 +79,7 @@ description: Parse the common fields in your Akamai Cloud Monitor log using the
 **Parsing Rule:**
 
 ```sql
-parse "\"reqMethod\":\"*\"" as method, "\"status\":\"*\"" as status, "\"fwdHost\":\"*\"" as origin
+| parse "\"reqMethod\":\"*\"" as method, "\"status\":\"*\"" as status, "\"fwdHost\":\"*\"" as origin
 | parse "\"bytes\":\"*\"" as bytes, "\"edgeIP\":\"*\"" as edgeip, "\"country\":\"*\"" as country, "\"cookie\":\"*\"" as cookie
 ```
 

docs/manage/field-extractions/fer-templates/apache-access-logs.md

@@ -18,7 +18,7 @@ description: Parse the common fields in your Apache Access Logs using the FER te
 **Parsing Rule**:
 
 ```
-parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
+| parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
 | parse regex "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP/[\d\.]+\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\".*"
 ```
 

docs/manage/field-extractions/fer-templates/apache-tomcat-access-log-fer.md

@@ -19,7 +19,9 @@ description: Create a field extraction rule for Apache Tomcat 7 Access Logs.
 **Extraction Rule:**
 
 ```sql
-| parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}? )" | parse regex "\"(?<method>\D{1,7}? )" | parse regex "\"\D{1,7} (?<url>\S{1,2048}? )" | parse regex "\" (?<status>\d{3}? )" | parse regex "\" \d{3} (?<time_taken>\d{1,}? )" | parse regex "\" \d{3} \d{1,} (?<bytes_sent>\d{1,}?)"
+| parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}? )" 
+| parse regex "\"(?<method>\D{1,7}? )" | parse regex "\"\D{1,7} (?<url>\S{1,2048}? )" | parse regex "\" (?<status>\d{3}? )" | parse regex "\" \d{3} (?<time_taken>\d{1,}? )" 
+| parse regex "\" \d{3} \d{1,} (?<bytes_sent>\d{1,}?)"
 ```
 
 **Resulting Fields:**

docs/manage/field-extractions/fer-templates/apache-tomcat-access-logs.md

@@ -17,7 +17,7 @@ description: Parse the common fields in your Apache Tomcat Access Logs using the
 **Parsing Rule**:
 
 ```sql
-parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}? )"
+| parse regex "(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}? )"
 | parse regex "\"(?<method>\D{1,7}? )"
 | parse regex "\"\D{1,7} (?<url>\S{1,2048}? )"
 | parse regex "\" (?<status>\d{3}? )"

docs/manage/field-extractions/fer-templates/cisco-fwsm-fer.md

@@ -147,5 +147,12 @@ _sourceCategory=networking/cisco/fwsm src dst ("Deny inbound" OR "Deny protocol"
 **Extraction Rule:**
 
 ```sql
-parse "Deny protocol * " as protocol nodrop | parse ") * " as protocol nodrop | parse regex "%[A-Z]{4}-(?<severity>\d)-(?<msg_code>\d{6}):\s" nodrop | parse regex "src\s(?<src_dom>\S+):(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop | parse regex "/(?<src_port>\d+)\s" nodrop | parse regex "dst\s(?<dest_dom>\S+):(?<dest_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop | parse regex "/(?<dest_port>\d+)\s" nodrop | "firewall-deny" as eventtype | "cisco-firewall" as event
+| parse "Deny protocol * " as protocol nodrop | parse ") * " as protocol nodrop 
+| parse regex "%[A-Z]{4}-(?<severity>\d)-(?<msg_code>\d{6}):\s" nodrop 
+| parse regex "src\s(?<src_dom>\S+):(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop 
+| parse regex "/(?<src_port>\d+)\s" nodrop 
+| parse regex "dst\s(?<dest_dom>\S+):(?<dest_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" nodrop 
+| parse regex "/(?<dest_port>\d+)\s" nodrop 
+| "firewall-deny" as eventtype 
+| "cisco-firewall" as event
 ```

docs/manage/field-extractions/fer-templates/nginx-logs.md

@@ -19,7 +19,7 @@ description: Parse the common fields in your Nginx Logs using the FER template.
 **Parsing Rule**:
 
 ```sql
-parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
+| parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
 | parse regex "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP/[\d\.]+\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\".*"
 ```
 

docs/manage/field-extractions/fer-templates/varnish-logs.md

@@ -18,7 +18,7 @@ description: Parse the common fields in your Varnish Logs using the FER template
 **Parsing Rule:**
 
 ```sql
-parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
+| parse regex "^(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
 | parse regex "(?<method>[A-Z]+)\s(?<url>\S+)\sHTTP/[\d\.]+\"\s(?<status_code>\d+)\s(?<size>[\d-]+)\s\"(?<referrer>.*?)\"\s\"(?<user_agent>.+?)\".*"
 ```
 

docs/manage/field-extractions/safend-field-extraction.md

@@ -26,7 +26,7 @@ _sourceCategory=safend
 **Extraction Rule:**
 
 ```sql
-parse regex "Action: (?<action>[^,]*)" nodrop
+| parse regex "Action: (?<action>[^,]*)" nodrop
 | parse " * [" as host nodrop | parse "] *:" as alert_type nodrop
 | parse "User: *," as user nodrop
 | parse "Computer: *," as computer nodrop