Skip to main content

extraction_rules

Overview

Nameextraction_rules
TypeResource
Idsumologic.extraction_rules.extraction_rules

Fields

NameDatatypeDescription
idstringUnique identifier for the field extraction rule.
namestringName of the field extraction rule. Use a name that makes it easy to identify the rule.
createdAtstringCreation timestamp in UTC in RFC3339 format.
createdBystringIdentifier of the user who created the resource.
enabledbooleanIs the field extraction rule enabled.
fieldNamesarrayList of extracted fields from "parseExpression".
modifiedAtstringLast modification timestamp in UTC.
modifiedBystringIdentifier of the user who last modified the resource.
parseExpressionstringDescribes the fields to be parsed.
scopestringScope of the field extraction rule. This could be a sourceCategory, sourceHost, or any other metadata that describes the data you want to extract from. Think of the Scope as the first portion of an ad hoc search, before the first pipe ( | ). You'll use the Scope to run a search against the rule.

Methods

NameAccessible byRequired ParamsDescription
getExtractionRuleSELECTid, regionGet a field extraction rule with the given identifier.
listExtractionRulesSELECTregionGet a list of all field extraction rules. The response is paginated with a default limit of 100 field extraction rules per page.
createExtractionRuleINSERTregionCreate a new field extraction rule.
deleteExtractionRuleDELETEid, regionDelete a field extraction rule with the given identifier.
updateExtractionRuleEXECid, regionUpdate an existing field extraction rule. All properties specified in the request are replaced. Missing properties are set to their default values.