From 8646b09d25c138295c2cbc44d73af22911b2029f Mon Sep 17 00:00:00 2001
From: "angre.garcia-gomez@ait.ac.at"
Date: Wed, 25 Feb 2026 14:57:52 +0100
Subject: [PATCH 01/16] Adding data to workspace and change a log to debug mode

---
 src/detectmatelibrary/common/core.py | 2 +-
 src/tools/workspace/create_workspace.py | 7 +
 .../workspace/templates/CustomDetector.py | 10 +
 src/tools/workspace/templates/CustomParser.py | 10 +
 src/tools/workspace/templates/data/logs.json | 674 ++++++++++++++++++
 .../workspace/templates/data/parsed_log.json | 368 ++++++++++
 tests/test_workspace/test_create_workspace.py | 1 +
 7 files changed, 1071 insertions(+), 1 deletion(-)
 create mode 100644 src/tools/workspace/templates/data/logs.json
 create mode 100644 src/tools/workspace/templates/data/parsed_log.json

diff --git a/src/detectmatelibrary/common/core.py b/src/detectmatelibrary/common/core.py
index 229c91d..e17c550 100644
--- a/src/detectmatelibrary/common/core.py
+++ b/src/detectmatelibrary/common/core.py
@@ -120,7 +120,7 @@ def process(self, data: BaseSchema | bytes) -> BaseSchema | bytes | None:
 logger.info(f"<<{self.name}>> returns None")
 return None
- logger.info(f"<<{self.name}>> processed:\n{output_}")
+ logger.debug(f"<<{self.name}>> processed:\n{output_}")
 return SchemaPipeline.postprocess(output_, is_byte=is_byte)
 def get_config(self) -> Dict[str, Any]:
diff --git a/src/tools/workspace/create_workspace.py b/src/tools/workspace/create_workspace.py
index eb582c1..c5fa4fc 100644
--- a/src/tools/workspace/create_workspace.py
+++ b/src/tools/workspace/create_workspace.py
@@ -11,6 +11,10 @@
 TEMPLATE_DIR = BASE_DIR / "workspace" / "templates"
 META_FILES = ["LICENSE.md", ".gitignore", ".pre-commit-config.yaml"]
+DATA_FILES = {
+ "parser": "src/tools/workspace/templates/data/logs.json",
+ "detector": "src/tools/workspace/templates/data/parsed_log.json"
+}
 def copy_file(src: Path, dst: Path) -> None:
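Review bot: The changed `logger.debug(f"<<{self.name}>> processed:\n{output_}")` line still formats `output_` eagerly, because the f-string is evaluated before `logger.debug` checks whether DEBUG is enabled, so the cost of rendering the full processed record is paid on every call even when the effective level is INFO. Lazy arguments defer that work until a record is actually emitted: `logger.debug("<<%s>> processed:\n%s", self.name, output_)`. Note also that at DEBUG this line writes the complete processed record into the application log, which judging by the fixtures in this patch includes the raw log line, so DEBUG should only be enabled where that log is handled with the same care as the input data. `process` continues outside the hunk on both sides.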
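Review bot: The two `DATA_FILES` entries spell out `src/tools/workspace/templates/data/...` as strings to be joined onto `PROJECT_ROOT`, although `TEMPLATE_DIR` two lines above already derives that same templates directory from `BASE_DIR`; if the templates move there are now two places to update, and the strings only resolve when the tool runs from a source checkout where `src/` exists. If `BASE_DIR` is `src/tools`, as `TEMPLATE_DIR` suggests, the entries can be built from it, `"parser": TEMPLATE_DIR / "data" / "logs.json",` and `"detector": TEMPLATE_DIR / "data" / "parsed_log.json",`, with the second hunk then calling `copy_file(DATA_FILES[type_], ...)` directly. A trailing comma after the last entry would also keep future additions to a one-line diff.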
@@ -116,6 +120,9 @@ def create_workspace(type_: str, name: str, target_dir: Path) -> None:
 create_tests(type_=type_, name=name, workspace_root=workspace_root, pkg_name=pkg_name)
+ # Copy data
+ copy_file(PROJECT_ROOT / DATA_FILES[type_], workspace_root / "data.json")
+
 # Copy meta/root files
 for file_name in META_FILES:
 src = PROJECT_ROOT / file_name
diff --git a/src/tools/workspace/templates/CustomDetector.py b/src/tools/workspace/templates/CustomDetector.py
index a182bad..d1bc53d 100644
--- a/src/tools/workspace/templates/CustomDetector.py
+++ b/src/tools/workspace/templates/CustomDetector.py
@@ -2,6 +2,7 @@
 from detectmatelibrary.common.detector import CoreDetector, CoreDetectorConfig
 from detectmatelibrary.utils.data_buffer import BufferMode
+from detectmatelibrary.helper.from_to import From
 from detectmatelibrary import schemas
@@ -54,3 +55,12 @@ def detect(
 output_["alertsObtain"]["type"] = "Anomaly detected by CustomDetector" # Additional info
 return result
+
+
+if __name__ == "__main__":
+ print(detector := CustomDetector())
+ print("Running with data...")
+ for alerts in From.json(detector, "../data.json"):
+ print(alerts)
diff --git a/src/tools/workspace/templates/CustomParser.py b/src/tools/workspace/templates/CustomParser.py
index 38fa2cb..7cc89ba 100644
--- a/src/tools/workspace/templates/CustomParser.py
+++ b/src/tools/workspace/templates/CustomParser.py
@@ -1,6 +1,7 @@
 from typing import Any
 from detectmatelibrary.common.parser import CoreParser, CoreParserConfig
+from detectmatelibrary.helper.from_to import From
 from detectmatelibrary import schemas
@@ -43,3 +44,12 @@ def parse(
 output_["EventID"] = 2 # Number of the log template
 output_["variables"].extend(["dummy_variable"]) # Variables found in the log
 output_["template"] = "This is a dummy template" # Log template
+
+
+if __name__ == "__main__":
+ print(parser := CustomParser())
+ print("Running with data...")
+ for parsed_log in From.json(parser, "../data.json"):
+ print(parsed_log)
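Review bot: `DATA_FILES[type_]` on the added `copy_file` line raises a bare `KeyError` for any `type_` other than `"parser"` or `"detector"`; whether `create_workspace` rejects other values before reaching this point is outside the hunk, so if it does not, a `ValueError` naming the accepted types would be the clearer failure. The destination name `"data.json"` is also the value the `CustomDetector.py` and `CustomParser.py` templates in this patch hard-code as `"../data.json"`, with nothing tying the two together; a comment on this line such as `# Name must match the "../data.json" path in templates/Custom*.py` would at least record the coupling. `create_workspace` continues on both sides of the hunk.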
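Review bot: `From.json(detector, "../data.json")` in the new `__main__` block resolves the path against the current working directory, not the script's location, so the example only finds the `data.json` that `create_workspace` places in the workspace root when the user happens to run it from the directory the template was copied into. The same line appears in the `CustomParser.py` hunk of this patch. Anchoring on the file makes the example runnable from anywhere, assuming the template lands one level below the workspace root as the `..` implies: `from pathlib import Path` at the top and `for alerts in From.json(detector, str(Path(__file__).resolve().parent.parent / "data.json")):`. Whether `From.json` accepts a `Path` directly is not visible here, hence the `str()`.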
diff --git a/src/tools/workspace/templates/data/logs.json b/src/tools/workspace/templates/data/logs.json
new file mode 100644
index 0000000..b5eacbc
--- /dev/null
+++ b/src/tools/workspace/templates/data/logs.json
@@ -0,0 +1,674 @@ +{ + "0": { + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "0", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "1": { + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "1", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "2": { + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "logID": "2", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "3": { + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "3", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "4": { + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "4", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "5": { + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "5", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "6": { + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", + "logID": "6", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "7": { + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "logID": "7", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "8": { + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "8", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "9": { + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "9", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "10": { + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "logID": "10", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "11": { + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "11", + "logSource": "", + "__version__": "1.0.0", + "hostname": "" + }, + "12": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "logID": "0" + }, + "13": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "1" + }, + "14": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "logID": "2" + }, + "15": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "3" + }, + "16": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "4" + }, + "17": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "5" + }, + "18": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", + "logID": "6" + }, + "19": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "logID": "7" + }, + "20": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "8" + }, + "21": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "9" + }, + "22": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "logID": "10" + }, + "23": { + "hostname": "", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "11" + }, + "24": { + "__version__": "1.0.0", + "logID": "0", + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "25": { + "__version__": "1.0.0", + "logID": "1", + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? 
addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "26": { + "__version__": "1.0.0", + "logID": "2", + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "hostname": "", + "logSource": "" + }, + "27": { + "__version__": "1.0.0", + "logID": "3", + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "28": { + "__version__": "1.0.0", + "logID": "4", + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "29": { + "__version__": "1.0.0", + "logID": "5", + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "30": { + "__version__": "1.0.0", + "logID": "6", + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "hostname": "", + "logSource": "" + }, + "31": { + "__version__": "1.0.0", + "logID": "7", + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", + "hostname": "", + "logSource": "" + }, + "32": { + "__version__": "1.0.0", + "logID": "8", + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "33": { + "__version__": "1.0.0", + "logID": "9", + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "34": { + "__version__": "1.0.0", + "logID": "10", + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "hostname": "", + "logSource": "" + }, + "35": { + "__version__": "1.0.0", + "logID": "11", + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logSource": "" + }, + "36": { + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "0", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "37": { + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "logID": "1", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "38": { + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "logID": "2", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "39": { + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "3", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "40": { + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "4", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "41": { + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "5", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "42": { + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "logID": "6", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "43": { + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", + "logID": "7", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "44": { + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "8", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "45": { + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "9", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "46": { + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "logID": "10", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "47": { + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "11", + "hostname": "", + "__version__": "1.0.0", + "logSource": "" + }, + "48": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "0" + }, + "49": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "hostname": "", + "logID": "1" + }, + "50": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "hostname": "", + "logID": "2" + }, + "51": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "3" + }, + "52": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "4" + }, + "53": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "5" + }, + "54": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "hostname": "", + "logID": "6" + }, + "55": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", + "hostname": "", + "logID": "7" + }, + "56": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "8" + }, + "57": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "9" + }, + "58": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "hostname": "", + "logID": "10" + }, + "59": { + "__version__": "1.0.0", + "logSource": "", + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "hostname": "", + "logID": "11" + }, + "60": { + "logSource": "", + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "0", + "__version__": "1.0.0", + "hostname": "" + }, + "61": { + "logSource": "", + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "logID": "1", + "__version__": "1.0.0", + "hostname": "" + }, + "62": { + "logSource": "", + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "logID": "2", + "__version__": "1.0.0", + "hostname": "" + }, + "63": { + "logSource": "", + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "3", + "__version__": "1.0.0", + "hostname": "" + }, + "64": { + "logSource": "", + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "4", + "__version__": "1.0.0", + "hostname": "" + }, + "65": { + "logSource": "", + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "5", + "__version__": "1.0.0", + "hostname": "" + }, + "66": { + "logSource": "", + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "logID": "6", + "__version__": "1.0.0", + "hostname": "" + }, + "67": { + "logSource": "", + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", + "logID": "7", + "__version__": "1.0.0", + "hostname": "" + }, + "68": { + "logSource": "", + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "8", + "__version__": "1.0.0", + "hostname": "" + }, + "69": { + "logSource": "", + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "9", + "__version__": "1.0.0", + "hostname": "" + }, + "70": { + "logSource": "", + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "logID": "10", + "__version__": "1.0.0", + "hostname": "" + }, + "71": { + "logSource": "", + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "logID": "11", + "__version__": "1.0.0", + "hostname": "" + }, + "72": { + "hostname": "", + "logID": "0", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "73": { + "hostname": "", + "logID": "1", + "logSource": "", + "__version__": "1.0.0", + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'" + }, + "74": { + "hostname": "", + "logID": "2", + "logSource": "", + "__version__": "1.0.0", + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1" + }, + "75": { + "hostname": "", + "logID": "3", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "76": { + "hostname": "", + "logID": "4", + "logSource": "", + "__version__": "1.0.0", + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "77": { + "hostname": "", + "logID": "5", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "78": { + "hostname": "", + "logID": "6", + "logSource": "", + "__version__": "1.0.0", + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'" + }, + "79": { + "hostname": "", + "logID": "7", + "logSource": "", + "__version__": "1.0.0", + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'" + }, + "80": { + "hostname": "", + "logID": "8", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "81": { + "hostname": "", + "logID": "9", + "logSource": "", + "__version__": "1.0.0", + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "82": { + "hostname": "", + "logID": "10", + "logSource": "", + "__version__": "1.0.0", + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1" + }, + "83": { + "hostname": "", + "logID": "11", + "logSource": "", + "__version__": "1.0.0", + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "84": { + "logID": "0", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "85": { + "logID": "1", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'" + }, + "86": { + "logID": "2", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1" + }, + "87": { + "logID": "3", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "88": { + "logID": "4", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "89": { + "logID": "5", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "90": { + "logID": "6", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'" + }, + "91": { + "logID": "7", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'" + }, + "92": { + "logID": "8", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "93": { + "logID": "9", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "94": { + "logID": "10", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1" + }, + "95": { + "logID": "11", + "__version__": "1.0.0", + "logSource": "", + "hostname": "", + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + } +} \ No newline at end of file diff --git a/src/tools/workspace/templates/data/parsed_log.json b/src/tools/workspace/templates/data/parsed_log.json new file mode 100644 index 0000000..412fd63 --- /dev/null +++ b/src/tools/workspace/templates/data/parsed_log.json 
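Review bot: The fixture's 96 entries are the same twelve audit records (serials 375 through 386) repeated eight times with only the key order varied, and the inner `logID` restarts at `"0"` in each block of twelve while the outer keys run `"0"` through `"95"`; eight entries therefore share each `logID`, so anything that keys or deduplicates on `logID` will collapse the file to twelve records while a consumer iterating the outer keys sees all 96. If the repetition is intentional, a short note in the commit message or a README next to the data would stop the next reader from treating it as an accidental paste; otherwise the twelve-record prefix is enough for the template. `hostname` and `logSource` are empty in every entry, so the sample exercises no field beyond `log`. The file also ends without a trailing newline, which the pre-commit hooks shipped with the workspace may flag.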
@@ -0,0 +1,368 @@ +{ + "0": { + "parserID": "MatcherParser", + "parsedLogID": "10", + "logID": "0", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "USER_ACCT", + "Serial": "375", + "Time": "1642723741.072", + "Content": "pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10125", + "0", + "4294967295", + "4294967295", + "PAM:accounting", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "1": { + "parserID": "MatcherParser", + "parsedLogID": "11", + "logID": "1", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "CRED_ACQ", + "Serial": "376", + "Time": "1642723741.072", + "Content": "pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10125", + "0", + "4294967295", + "4294967295", + "PAM:setcred", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "2": { + "parserID": "MatcherParser", + "parsedLogID": "12", + "logID": "2", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "LOGIN", + "Serial": "377", + "Time": "1642723741.076", + "Content": "pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10125", + "0", + "4294967295", + "0", + "(none)", + "4294967295", + "65", + "1" + ], + "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", + "parserType": "matcher_parser", + "EventID": 2, + "template": "pid=<*> uid=<*> old-auid=<*> auid=<*> tty=<*> old-ses=<*> ses=<*> res=<*>" + }, + "3": { + "parserID": "MatcherParser", + "parsedLogID": "13", + "logID": "3", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "USER_START", + "Serial": "378", + "Time": "1642723741.080", + "Content": "pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10125", + "0", + "0", + "65", + "PAM:session_open", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "4": { + "parserID": "MatcherParser", + "parsedLogID": "14", + "logID": "4", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "CRED_DISP", + "Serial": "379", + "Time": "1642723741.084", + "Content": "pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10125", + "0", + "0", + "65", + "PAM:setcred", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "5": { + "parserID": "MatcherParser", + "parsedLogID": "15", + "logID": "5", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "USER_END", + "Serial": "380", + "Time": "1642723741.084", + "Content": "pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10125", + "0", + "0", + "65", + "PAM:session_close", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "6": { + "parserID": "MatcherParser", + "parsedLogID": "16", + "logID": "6", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "SERVICE_START", + "Serial": "381", + "Time": "1642723752.624", + "Content": "pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "1", + "0", + "4294967295", + "4294967295", + "phpsessionclean", + "\"systemd\"", + "\"/lib/systemd/systemd\"", + "?", + "?", + "?", + "success" + ], + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "parserType": "matcher_parser", + "EventID": 1, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='unit=<*> comm=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "7": { + "parserID": "MatcherParser", + "parsedLogID": "17", + "logID": "7", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "SERVICE_STOP", + "Serial": "382", + "Time": "1642723752.624", + "Content": "pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "1", + "0", + "4294967295", + "4294967295", + "phpsessionclean", + "\"systemd\"", + "\"/lib/systemd/systemd\"", + "?", + "?", + "?", + "success" + ], + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", + "parserType": "matcher_parser", + "EventID": 1, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='unit=<*> comm=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "8": { + "parserID": "MatcherParser", + "parsedLogID": "18", + "logID": "8", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "USER_ACCT", + "Serial": "383", + "Time": "1642724221.094", + "Content": "pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10197", + "0", + "4294967295", + "4294967295", + "PAM:accounting", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "9": { + "parserID": "MatcherParser", + "parsedLogID": "19", + "logID": "9", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "CRED_ACQ", + "Serial": "384", + "Time": "1642724221.098", + "Content": "pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10197", + "0", + "4294967295", + "4294967295", + "PAM:setcred", + "\"root\"", + "\"/usr/sbin/cron\"", + "?", + "?", + "cron", + "success" + ], + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", + "parserType": "matcher_parser", + "EventID": 0, + "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'" + }, + "10": { + "parserID": "MatcherParser", + "parsedLogID": "20", + "logID": "10", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "LOGIN", + "Serial": "385", + "Time": "1642724221.098", + "Content": "pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1" + }, + "__version__": "1.0.0", + "receivedTimestamp": 1772027171, + "variables": [ + "10197", + "0", + "4294967295", + "0", + "(none)", + "4294967295", + "66", + "1" + ], + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", + "parserType": "matcher_parser", + "EventID": 2, + "template": "pid=<*> uid=<*> old-auid=<*> auid=<*> tty=<*> old-ses=<*> ses=<*> res=<*>" + }, + "11": { + "parserID": "MatcherParser", + "parsedLogID": "21", + "logID": "11", + "parsedTimestamp": 1772027171, + "logFormatVariables": { + "Type": "USER_START", + "Serial": "386", + "Time": "1642724221.102", + "Content": "pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'"
+ },
+ "__version__": "1.0.0",
+ "receivedTimestamp": 1772027171,
+ "variables": [
+ "10197",
+ "0",
+ "0",
+ "66",
+ "PAM:session_open",
+ "\"root\"",
+ "\"/usr/sbin/cron\"",
+ "?",
+ "?",
+ "cron",
+ "success"
+ ],
+ "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+ "parserType": "matcher_parser",
+ "EventID": 0,
+ "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+ }
+}
\ No newline at end of file
diff --git a/tests/test_workspace/test_create_workspace.py b/tests/test_workspace/test_create_workspace.py
index ddca99f..189a050 100644
--- a/tests/test_workspace/test_create_workspace.py
+++ b/tests/test_workspace/test_create_workspace.py
@@ -44,6 +44,7 @@ def test_create_parser_workspace(temp_dir: Path):
 assert (workspace_root / ".gitignore").exists()
 assert (workspace_root / ".pre-commit-config.yaml").exists()
 assert (workspace_root / "README.md").exists()
+ assert (workspace_root / "data.json").exists()
 # Python files live in package directory
 py_files = list(pkg_dir.glob("*.py"))
From 6bf881dc2be45a87a46154b9f65cc3f97bc9790d Mon Sep 17 00:00:00 2001
From: "angre.garcia-gomez@ait.ac.at"
Date: Wed, 25 Feb 2026 15:16:29 +0100
Subject: [PATCH 02/16] update logs.json
---
 src/tools/workspace/templates/data/logs.json | 644 +------------------
 1 file changed, 28 insertions(+), 616 deletions(-)
diff --git a/src/tools/workspace/templates/data/logs.json b/src/tools/workspace/templates/data/logs.json
index b5eacbc..bdcda27 100644
--- a/src/tools/workspace/templates/data/logs.json
+++ b/src/tools/workspace/templates/data/logs.json
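Review bot: The `parsedTimestamp` and `receivedTimestamp` fields carry the same wall-clock value `1772027171` on all twelve records, and `parsedLogID` runs from "10" to "21" while `logID` runs from "0" to "11", which looks like state left over from the run that produced this fixture rather than a property of the sample itself; any regeneration will rewrite every record, and a detector fed this file as `data.json` sees twelve events received in the same second. Consider pinning these to deterministic values (a fixed epoch, or a timestamp derived from each record's audit `Time` field) and stating in the template that they are placeholders. The file is also committed without a trailing newline (`\ No newline at end of file`), which will show up as spurious churn on the next edit.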
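Review bot: The new `assert (workspace_root / "data.json").exists()` only proves that some file was created, not that the correct fixture was copied or that it is still valid JSON, so a wrong source file or a truncated copy would pass. Compare the contents against the template source instead, e.g. `assert json.loads((workspace_root / "data.json").read_text()) == json.loads(Path("src/tools/workspace/templates/data/logs.json").read_text())` with the path resolved from the project root, which also pins that the parser workspace receives `logs.json` rather than `parsed_log.json`; `json` needs importing if the module does not already do so. If a sibling test covers the detector workspace, it needs the matching assertion for `parsed_log.json`. `test_create_parser_workspace` starts before this hunk and continues after it.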
@@ -1,674 +1,86 @@ { "0": { "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "0", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "1": { - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "1", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "2": { - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", - "logID": "2", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "3": { - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "3", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "4": { - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "4", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "5": { - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "5", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "6": { - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", - "logID": "6", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "7": { - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", - "logID": "7", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "8": { - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "8", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "9": { - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "9", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "10": { - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", - "logID": "10", - "logSource": "", - "__version__": "1.0.0", - "hostname": "" - }, - "11": { - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "11", - "logSource": "", "__version__": "1.0.0", - "hostname": "" - }, - "12": { "hostname": "", "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", "logID": "0" }, - "13": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", + "1": { "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "1" - }, - "14": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", - "logID": "2" - }, - "15": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "3" - }, - "16": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "4" - }, - "17": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "5" - }, - "18": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", - "logID": "6" - }, - "19": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", - "logID": "7" - }, - "20": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "8" - }, - "21": { - "hostname": "", - "logSource": "", "__version__": "1.0.0", - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "9" - }, - "22": { - "hostname": "", - "logSource": "", - "__version__": "1.0.0", - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", - "logID": "10" - }, - "23": { "hostname": "", "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "11" - }, - "24": { - "__version__": "1.0.0", - "logID": "0", - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "25": { - "__version__": "1.0.0", - "logID": "1", - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "26": { - "__version__": "1.0.0", - "logID": "2", - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", - "hostname": "", - "logSource": "" - }, - "27": { - "__version__": "1.0.0", - "logID": "3", - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "28": { - "__version__": "1.0.0", - "logID": "4", - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "29": { - "__version__": "1.0.0", - "logID": "5", - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "30": { - "__version__": "1.0.0", - "logID": "6", - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", - "hostname": "", - "logSource": "" - }, - "31": { - "__version__": "1.0.0", - "logID": "7", - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", - "hostname": "", - "logSource": "" - }, - "32": { - "__version__": "1.0.0", - "logID": "8", - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "33": { - "__version__": "1.0.0", - "logID": "9", - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "34": { - "__version__": "1.0.0", - "logID": "10", - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", - "hostname": "", - "logSource": "" - }, - "35": { - "__version__": "1.0.0", - "logID": "11", - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logSource": "" - }, - "36": { - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "0", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "37": { - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", - "logID": "1", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" + "logID": "1" }, - "38": { + "2": { "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", - "logID": "2", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "39": { - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "3", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "40": { - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "4", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "41": { - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "5", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "42": { - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", - "logID": "6", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "43": { - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", - "logID": "7", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "44": { - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "8", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "45": { - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "9", - "hostname": "", "__version__": "1.0.0", - "logSource": "" - }, - "46": { - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", - "logID": "10", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "47": { - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "11", - "hostname": "", - "__version__": "1.0.0", - "logSource": "" - }, - "48": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "0" - }, - "49": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", "hostname": "", - "logID": "1" - }, - "50": { - "__version__": "1.0.0", "logSource": "", - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", - "hostname": "", "logID": "2" }, - "51": { - "__version__": "1.0.0", - "logSource": "", + "3": { "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "3" - }, - "52": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "4" - }, - "53": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "5" - }, - "54": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", - "hostname": "", - "logID": "6" - }, - "55": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", - "hostname": "", - "logID": "7" - }, - "56": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "8" - }, - "57": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "9" - }, - "58": { "__version__": "1.0.0", - "logSource": "", - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", "hostname": "", - "logID": "10" - }, - "59": { - "__version__": "1.0.0", - "logSource": "", - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "hostname": "", - "logID": "11" - }, - "60": { - "logSource": "", - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "0", - "__version__": "1.0.0", - "hostname": "" - }, - "61": { "logSource": "", - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'", - "logID": "1", - "__version__": "1.0.0", - "hostname": "" - }, - "62": { - "logSource": "", - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1", - "logID": "2", - "__version__": "1.0.0", - "hostname": "" - }, - "63": { - "logSource": "", - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "3", - "__version__": "1.0.0", - "hostname": "" + "logID": "3" }, - "64": { - "logSource": "", + "4": { "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "4", - "__version__": "1.0.0", - "hostname": "" - }, - "65": { - "logSource": "", - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "5", - "__version__": "1.0.0", - "hostname": "" - }, - "66": { - "logSource": "", - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", - "logID": "6", - "__version__": "1.0.0", - "hostname": "" - }, - "67": { - "logSource": "", - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'", - "logID": "7", "__version__": "1.0.0", - "hostname": "" - }, - "68": { - "logSource": "", - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "8", - "__version__": "1.0.0", - "hostname": "" - }, - "69": { - "logSource": "", - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "9", - "__version__": "1.0.0", - "hostname": "" - }, - "70": { - "logSource": "", - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", - "logID": "10", - "__version__": "1.0.0", - "hostname": "" - }, - "71": { - "logSource": "", - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", - "logID": "11", - "__version__": "1.0.0", - "hostname": "" - }, - "72": { - "hostname": "", - "logID": "0", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "73": { - "hostname": "", - "logID": "1", - "logSource": "", - "__version__": "1.0.0", - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'" - }, - "74": { - "hostname": "", - "logID": "2", - "logSource": "", - "__version__": "1.0.0", - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1" - }, - "75": { - "hostname": "", - "logID": "3", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "76": { - "hostname": "", - "logID": "4", - "logSource": "", - "__version__": "1.0.0", - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "77": { - "hostname": "", - "logID": "5", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "78": { - "hostname": "", - "logID": "6", - "logSource": "", - "__version__": "1.0.0", - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'" - }, - "79": { - "hostname": "", - "logID": "7", - "logSource": "", - "__version__": "1.0.0", - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? 
res=success'" - }, - "80": { - "hostname": "", - "logID": "8", - "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "81": { "hostname": "", - "logID": "9", "logSource": "", - "__version__": "1.0.0", - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + "logID": "4" }, - "82": { - "hostname": "", - "logID": "10", - "logSource": "", + "5": { + "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", "__version__": "1.0.0", - "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1" - }, - "83": { "hostname": "", - "logID": "11", "logSource": "", - "__version__": "1.0.0", - "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + "logID": "5" }, - "84": { - "logID": "0", + "6": { + "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "__version__": "1.0.0", - "logSource": "", "hostname": "", - "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'" - }, - "85": { - "logID": "1", - "__version__": "1.0.0", "logSource": "", - "hostname": "", - "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + "logID": "6" }, - "86": { - "logID": "2", + "7": { + "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'", "__version__": "1.0.0", - "logSource": "", "hostname": "", - "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1" - }, - "87": { - "logID": "3", - "__version__": "1.0.0", "logSource": "", - "hostname": "", - "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + "logID": "7" }, - "88": { - "logID": "4", + "8": { + "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", "__version__": "1.0.0", - "logSource": "", "hostname": "", - "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "89": { - "logID": "5", - "__version__": "1.0.0", "logSource": "", - "hostname": "", - "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'" + "logID": "8" }, - "90": { - "logID": "6", + "9": { + "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'", "__version__": "1.0.0", - "logSource": "", "hostname": "", - "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'" - }, - "91": { - "logID": "7", - "__version__": "1.0.0", "logSource": "", - "hostname": "", - "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'" + "logID": "9" }, - "92": { - "logID": "8", + "10": { + "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1", "__version__": "1.0.0", - "logSource": "", "hostname": "", - "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" - }, - "93": { - "logID": "9", - "__version__": "1.0.0", "logSource": "", - "hostname": "", - "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'" + "logID": "10" }, - "94": { - "logID": "10", + "11": { + "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? 
terminal=cron res=success'",
 "__version__": "1.0.0",
- "logSource": "",
 "hostname": "",
- "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1"
- },
- "95": {
- "logID": "11",
- "__version__": "1.0.0",
 "logSource": "",
- "hostname": "",
- "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+ "logID": "11"
 }
 }
\ No newline at end of file

From 6e627c1d53a01b8213c164680afc42c0388af483 Mon Sep 17 00:00:00 2001
From: "angre.garcia-gomez@ait.ac.at"
Date: Wed, 25 Feb 2026 15:21:27 +0100
Subject: [PATCH 03/16] add data.json in documentation

---
 README.md | 1 +
 docs/create_components.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 6c910f2..75442af 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,7 @@ workspaces/custom_parser/ # workspace root
 │ └── custom_parser.py # CoreParser-based template
 ├── tests/
 │ └── test_custom_parser.py # generated from template to test custom_parser
+├── data.json # example data to run the code
 ├── LICENSE.md # copied from main project
 ├── .gitignore # copied from main project
 ├── .pre-commit-config.yaml # copied from main project
diff --git a/docs/create_components.md b/docs/create_components.md
index aaac1cb..3143e2d 100644
--- a/docs/create_components.md
+++ b/docs/create_components.md
@@ -37,6 +37,7 @@ workspaces/custom_parser/ # workspace root
 │ └── custom_parser.py # CoreParser-based template
 ├── tests/
 │ └── test_custom_parser.py # generated from template to test custom_parser
+├── data.json # example data to run the code
 ├── LICENSE.md # copied from main project
 ├── .gitignore # copied from main project
 ├── .pre-commit-config.yaml # copied from main project

From 56c52978cbf1ea9699a088bc1ec617bf69cfd005 Mon Sep 17 00:00:00 2001
From: "angre.garcia-gomez@ait.ac.at"
Date: Wed, 25 Feb 2026 15:42:13 +0100
Subject: [PATCH 04/16] add basic usage - parser tutorial

---
 docs/basic_usage.md | 84 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 83 insertions(+), 1 deletion(-)

diff --git a/docs/basic_usage.md b/docs/basic_usage.md
index 4207789..e0289be 100644
--- a/docs/basic_usage.md
+++ b/docs/basic_usage.md
@@ -1,9 +1,91 @@
 # Getting started: Basic usage
-Basic usage of the DetectMate Library.
+In this section we will show different examples of the basic usage of the DetectMate Library.
+## Parser
+In this example, we will use the [`MatcherParser`](parsers/template_matcher.md) to parser audit data from the [AIT Log Data Set V2.0](https://zenodo.org/records/5789064). The code loads the logs, parse them and save the input and output in json files using [`from_to`](helper/from_to.md) module.
+```python
+from detectmatelibrary.parsers.template_matcher import MatcherParser
+from detectmatelibrary.helper.from_to import From, To
+
+
+config_dict = {
+ "parsers": {
+ "MatcherParser": {
+ "auto_config": True,
+ "method_type": "matcher_parser",
+ "path_templates": "ait_audit.txt",
+ "log_format": r'type= msg=audit\(