ON THIS PAGE
POST /config/event_sources/log_source_management/autodetection/config_records
SUMMARY Creates an Autodetection Config Record.
Creates an Autodetection Config Record.
MIME Type |
---|
application/json |
Parameter | Type | Optionality | Data Type | MIME Type | Description |
---|---|---|---|---|---|
fields |
header |
Optional |
String |
text/plain |
Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |
Parameter | Data Type | MIME Type | Description | Sample |
---|---|---|---|---|
config_record |
Object |
application/json |
Required. A single Autodetection Config Record object has the following modifiable fields:
|
{ "consecutive_failures_for_abandon": 42, "custom": true, "enabled": true, "id": 42, "log_source_description_template": "String", "log_source_name_template": "String", "log_source_type_id": 42, "maximum_events_for_abandon": 42, "minimum_success_rate": 42, "minimum_successful_events": 42, "precedence": 42 } |
HTTP Response Code | Unique Code | Description |
---|---|---|
200 |
The Autodetection Config Record was created. |
|
404 |
1000 |
The default TA Config does not exist. |
422 |
1003 |
The valid range for the 'minimum_successful_events' parameter value is 1 to 1000. |
422 |
1004 |
The valid range for the 'minimum_success_rate' parameter value is 1 to 100. |
422 |
1005 |
The 'maximum_events_for_abandon' parameter must be a value greater than 'minimum_successful_events' and no greater than 100000. |
422 |
1006 |
The valid range for the 'consecutive_failures_for_abandon' parameter value is 1 to 1000. |
422 |
1008 |
The 'log_source_description_template' parameter value must not exceed 255 characters. |
422 |
1012 |
null |
500 |
1020 |
An error occurred during the attempt to create the Autodetection Config Record. |
Response Description
- id - Number - The ID of the Autodetection Config Record.
- log_source_type_id - Number - The ID of the Log Source Type that corresponds with the Autodetection Config Record. See the Log Source Type API (/api/config/event_sources/log_source_management/log_source_types/).
- enabled - Boolean - If the associated log source type is enabled for autodetection, the condition is set to 'true'; otherwise, the condition is set to 'false'.
- precedence - Number - When an event is received from an unknown source, each log source type that is eligible for autodetection attempts to parse the event in ascending order of precedence. Lower values are attempted before greater values.
- minimum_successful_events - Number - The minimum number of events collected from a source that must be successfully parsed by the associated log source type for autodetection to occur.
- minimum_success_rate - Number - The minimum parsing success rate for events from a source that the associated log source type must have for autodetection to occur. Expressed as (number of events successfully parsed) / (number of events attempted) * 100.
- maximum_events_for_abandon - Number - The maximum number of events from a source that the associated log source type attempts to parse before it abandons tracking of that source. Note: If the conditions for autodetection (minimum_successful_events and minimum_success_rate) are met before this number of events are received, autodetection has already occurred and the log source type stopped tracking the source at that time.
- consecutive_failures_for_abandon - Number - The number of consecutive events from a source that the associated log source type failed to parse which causes the log source type to abandon tracking the source.
- log_source_name_template - String - The template that is used to set the name of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_name_template is '$$DEVICE_TYPE$$ @ $$SOURCE_ADDRESS$$'.
- log_source_description_template - String - The template that is used to set the description of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_description_template is '$$DEVICE_TYPE$$ device'.
Response Sample
{ "consecutive_failures_for_abandon": 42, "custom": true, "enabled": true, "id": 42, "log_source_description_template": "String", "log_source_name_template": "String", "log_source_type_id": 42, "maximum_events_for_abandon": 42, "minimum_success_rate": 42, "minimum_successful_events": 42, "precedence": 42 }