Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

GET /config/event_sources/log_source_management/ autodetection/config_records/{config_id}

Gets an individual Autodetection Config Record by id.

Gets an individual Autodetection Config Record by id.

Table 1: GET /config/event_sources/log_source_management/autodetection/config_records/{config_id} Resource Details

MIME Type

application/json

Table 2: GET /config/event_sources/log_source_management/autodetection/config_records/{config_id} Request Parameter Details

Parameter

Type

Optionality

Data Type

MIME Type

Description

config_id

path

Required

Number (Integer)

text/plain

Required. The ID of the Autodetection Config Record to retrieve.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3: GET /config/event_sources/log_source_management/autodetection/config_records/{config_id} Response Codes

HTTP Response Code

Unique Code

Description

200

 

The Autodetection Config Record was retrieved.

404

1002

The Autodetection Config Record does not exist.

500

1020

An error occurred during the attempt to retrieve the Autodetection Config Record.

Response Description

The Autodetection Config Record containing the following fields:

  • id - Number - The ID of the Autodetection Config Record.

  • log_source_type_id - Number - The ID of the Log Source Type that corresponds with the Autodetection Config Record. See the Log Source Type API (/api/config/event_sources/log_source_management/log_source_types/).

  • enabled - Boolean - If the associated log source type is enabled for autodetection, the condition is set to 'true'; otherwise, the condition is set to 'false'.

  • precedence - Number - When an event is received from an unknown source, each log source type that is eligible for autodetection attempts to parse the event in ascending order of precedence. Lower values are attempted before greater values.

  • minimum_successful_events - Number - The minimum number of events collected from a source that must be successfully parsed by the associated log source type for autodetection to occur.

  • minimum_success_rate - Number - The minimum parsing success rate for events from a source that the associated log source type must have for autodetection to occur. Expressed as (number of events successfully parsed) / (number of events attempted) * 100.

  • maximum_events_for_abandon - Number - The maximum number of events from a source that the associated log source type attempts to parse before it abandons tracking of that source. Note: If the conditions for autodetection (minimum_successful_events and minimum_success_rate) are met before this number of events are received, autodetection has already occurred and the log source type stopped tracking the source at that time.

  • consecutive_failures_for_abandon - Number - The number of consecutive events from a source that the associated log source type failed to parse which causes the log source type to abandon tracking the source.

  • log_source_name_template - String - The template that is used to set the name of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_name_template is '$$DEVICE_TYPE$$ @ $$SOURCE_ADDRESS$$'.

  • log_source_description_template - String - The template that is used to set the description of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_description_template is '$$DEVICE_TYPE$$ device'.

Response Sample