POST /config/event_sources/log_source_management/autodetection/config_records

SUMMARY: Creates an Autodetection Config Record.

Table 1: POST /config/event_sources/log_source_management/autodetection/config_records resource details

| MIME Type |
| --- |
| application/json |

Table 2: POST /config/event_sources/log_source_management/autodetection/config_records request parameter details

| Parameter | Type | Optionality | Data Type | MIME Type | Description |
| --- | --- | --- | --- | --- | --- |
| fields | header | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas. |

Table 3: POST /config/event_sources/log_source_management/autodetection/config_records request body details

Parameter: config_record
Data Type: Object
MIME Type: application/json

Description: Required. A single Autodetection Config Record object has the following modifiable fields:
  • enabled - Boolean - If the associated log source type is enabled for autodetection, the condition is set to 'true'; otherwise, the condition is set to 'false'.
  • precedence - Number - When an event is received from an unknown source, each log source type that is eligible for autodetection attempts to parse the event in ascending order of precedence. Lower values are attempted before greater values.
  • minimum_successful_events - Number - The minimum number of events collected from a source that must be successfully parsed by the associated log source type for autodetection to occur.
  • minimum_success_rate - Number - The minimum parsing success rate for events from a source that the associated log source type must have for autodetection to occur. Expressed as (number of events successfully parsed) / (number of events attempted) * 100.
  • maximum_events_for_abandon - Number - The maximum number of events from a source that the associated log source type attempts to parse before it abandons tracking of that source. Note: If the conditions for autodetection (minimum_successful_events and minimum_success_rate) are met before this number of events are received, autodetection has already occurred and the log source type stopped tracking the source at that time.
  • consecutive_failures_for_abandon - Number - The number of consecutive events from a source that the associated log source type failed to parse which causes the log source type to abandon tracking the source.
  • log_source_name_template - String - The template that is used to set the name of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_name_template is '$$DEVICE_TYPE$$ @ $$SOURCE_ADDRESS$$'.
  • log_source_description_template - String - The template that is used to set the description of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_description_template is '$$DEVICE_TYPE$$ device'.
Any other set fields will be ignored.

Sample:

{
  "consecutive_failures_for_abandon": 42,
  "custom": true,
  "enabled": true,
  "id": 42,
  "log_source_description_template": "String",
  "log_source_name_template": "String",
  "log_source_type_id": 42,
  "maximum_events_for_abandon": 42,
  "minimum_success_rate": 42,
  "minimum_successful_events": 42,
  "precedence": 42
}

Table 4: POST /config/event_sources/log_source_management/autodetection/config_records response codes

| HTTP Response Code | Unique Code | Description |
| --- | --- | --- |
| 200 | | The Autodetection Config Record was created. |
| 404 | 1000 | The default TA Config does not exist. |
| 422 | 1003 | The valid range for the 'minimum_successful_events' parameter value is 1 to 1000. |
| 422 | 1004 | The valid range for the 'minimum_success_rate' parameter value is 1 to 100. |
| 422 | 1005 | The 'maximum_events_for_abandon' parameter must be a value greater than 'minimum_successful_events' and no greater than 100000. |
| 422 | 1006 | The valid range for the 'consecutive_failures_for_abandon' parameter value is 1 to 1000. |
| 422 | 1008 | The 'log_source_description_template' parameter value must not exceed 255 characters. |
| 422 | 1012 | null |
| 500 | 1020 | An error occurred during the attempt to create the Autodetection Config Record. |
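A pre-flight check for the request body, as an added example (not vendor code): it applies the documented 422 rules locally and lists fields outside the modifiable list, which the page says are ignored, so a mistyped threshold name does not pass unnoticed. The function and constant names are hypothetical, and the handling of a payload without a valid minimum_successful_events is an assumption.

```python
# Added example, not vendor code. Ranges and unique codes come from the
# response-code table; all function and constant names are hypothetical.
MODIFIABLE = {
    "enabled", "precedence", "minimum_successful_events", "minimum_success_rate",
    "maximum_events_for_abandon", "consecutive_failures_for_abandon",
    "log_source_name_template", "log_source_description_template",
}

def _in_range(value, low, high):
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return False
    return low <= value <= high

def preflight(record):
    """Return (unique codes the 422 rules would raise, fields not in MODIFIABLE)."""
    codes = []
    min_ok = record.get("minimum_successful_events")
    if min_ok is not None and not _in_range(min_ok, 1, 1000):
        codes.append(1003)
    rate = record.get("minimum_success_rate")
    if rate is not None and not _in_range(rate, 1, 100):
        codes.append(1004)
    max_ev = record.get("maximum_events_for_abandon")
    if max_ev is not None:
        # Assumption: if the payload carries no valid minimum, compare against 1,
        # the lowest minimum the API accepts.
        floor = min_ok if _in_range(min_ok, 1, 1000) else 1
        if not _in_range(max_ev, floor, 100000) or max_ev <= floor:
            codes.append(1005)
    fails = record.get("consecutive_failures_for_abandon")
    if fails is not None and not _in_range(fails, 1, 1000):
        codes.append(1006)
    desc = record.get("log_source_description_template")
    if desc is not None and (not isinstance(desc, str) or len(desc) > 255):
        codes.append(1008)
    return codes, sorted(set(record) - MODIFIABLE)

# Constructed payloads: the page's sample body, and one with a mistyped field name.
SAMPLE = {"consecutive_failures_for_abandon": 42, "custom": True, "enabled": True,
          "id": 42, "log_source_description_template": "String",
          "log_source_name_template": "String", "log_source_type_id": 42,
          "maximum_events_for_abandon": 42, "minimum_success_rate": 42,
          "minimum_successful_events": 42, "precedence": 42}
BAD = {"minimum_successful_events": 0, "minimum_success_rate": 150,
       "maximum_events_for_abandon": 100001, "minimun_success_rate": 90}

if __name__ == "__main__":
    for payload in (SAMPLE, BAD):
        print(preflight(payload))
```

Run on the page's sample body, the check reports 1005, because the placeholder value 42 is used for both maximum_events_for_abandon and minimum_successful_events.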

Response Description

The created Autodetection Config Record containing the following fields:
  • id - Number - The ID of the Autodetection Config Record.
  • log_source_type_id - Number - The ID of the Log Source Type that corresponds with the Autodetection Config Record. See the Log Source Type API (/api/config/event_sources/log_source_management/log_source_types/).
  • enabled - Boolean - If the associated log source type is enabled for autodetection, the condition is set to 'true'; otherwise, the condition is set to 'false'.
  • precedence - Number - When an event is received from an unknown source, each log source type that is eligible for autodetection attempts to parse the event in ascending order of precedence. Lower values are attempted before greater values.
  • minimum_successful_events - Number - The minimum number of events collected from a source that must be successfully parsed by the associated log source type for autodetection to occur.
  • minimum_success_rate - Number - The minimum parsing success rate for events from a source that the associated log source type must have for autodetection to occur. Expressed as (number of events successfully parsed) / (number of events attempted) * 100.
  • maximum_events_for_abandon - Number - The maximum number of events from a source that the associated log source type attempts to parse before it abandons tracking of that source. Note: If the conditions for autodetection (minimum_successful_events and minimum_success_rate) are met before this number of events are received, autodetection has already occurred and the log source type stopped tracking the source at that time.
  • consecutive_failures_for_abandon - Number - The number of consecutive events from a source that the associated log source type failed to parse which causes the log source type to abandon tracking the source.
  • log_source_name_template - String - The template that is used to set the name of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_name_template is '$$DEVICE_TYPE$$ @ $$SOURCE_ADDRESS$$'.
  • log_source_description_template - String - The template that is used to set the description of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_description_template is '$$DEVICE_TYPE$$ device'.

Response Sample