POST /config/event_sources/custom_properties/property_leef_expressions

Creates a new Ariel Property LEEF Expression.

Creates a new Ariel Property LEEF Expression.

Table 1. POST /config/event_sources/custom_properties/property_leef_expressions resource details
MIME Type

application/json

Table 2. POST /config/event_sources/custom_properties/property_leef_expressions request parameter details
Parameter Type Optionality Data Type MIME Type Description

fields

header

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.
Table 3. POST /config/event_sources/custom_properties/property_leef_expressions request body details
Parameter Data Type MIME Type Description Sample

data

Object

application/json
Required - A JSON representation of the Ariel Property LEEF Expression object
  • regex_property_identifier - Required - String - The identifier of the Ariel Regex Property that this expression belongs to.
  • enabled - Optional - Boolean - Flag that indicates whether this expression is enabled. It defaults to true if not provided.
  • expression - Required - String - The key of the corresponding property value from the LEEF payload.
  • payload - Optional - String - A test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.
  • log_source_type_id - Required - Integer - Optional field. If provided, this restricts the Ariel Property LEEF Expression to only evaluate against events for this log source type. Must be the id of an existing log source type.
  • log_source_id - Optional - Integer - Optional field. If provided, this restricts the Ariel Property LEEF Expression to only evaluate against events for this log source. Must be the id of an existing log source.
  • qid - Optional - Integer - The expression is only applied to events associated with this QID record.
  • low_level_category_id - Optional - Integer - Optional field. If provided, this restricts the Ariel Property LEEF Expression to only evaluate against events for this log source type. Must be the id of an existing log source type.

{ "creation_date": 42, "enabled": true, "expression": "String", "id": 42, "identifier": "String", "log_source_id": 42, "log_source_type_id": 42, "low_level_category_id": 42, "modification_date": 42, "payload": "String", "qid": 42, "regex_property_identifier": "String", "username": "String" }
Table 4. POST /config/event_sources/custom_properties/property_leef_expressions response codes
HTTP Response Code Unique Code Description

201

A new Ariel Property LEEF Expression was created.

422

1005

One or more request parameter are invalid in request.

500

1020

An error occurred during the attempt to create a new Ariel Property LEEF Expression.

Response Description

The newly created Ariel Property LEEF Expression that contains the following fields:
  • id - Long - The sequence ID of the Ariel Property LEEF Expression.
  • identifier - String - The ID of the Ariel property LEEF expression. This field can be used to uniquely identify the same property across all systems. Often times this field will be set to a valid rfc4122 UUID but do not rely on this since this field isn't always set to a valid rfc4122 UUID.
  • regex_property_identifier - String - The identifier of the Ariel Regex Property that this expression belongs to.
  • enabled - Boolean - Flag that indicates whether this expression is enabled.
  • expression - String - The key of the corresponding property value from the LEEF payload.
  • creation_date - Long - The epoch timestamp in milliseconds of the time the property was created.
  • modification_date - Long - The epoch timestamp in milliseconds of the time the property was last modified.
  • payload - String - A test payload. This parameter is only used in the UI so that you can verify your expression matches the expected payload.
  • log_source_type_id - Integer - Optional field. If provided, this restricts the Ariel Property LEEF Expression to only evaluate against events for this log source type. Must be the id of an existing log source type.
  • log_source_id - Integer - Optional field. If provided, this restricts the Ariel Property LEEF Expression to only evaluate against events for this log source. Must be the id of an existing log source.
  • qid - Integer - Optional field. If provided, this restricts the Ariel Property LEEF Expression to only evaluate against events for this log source type. Must be the id of an existing log source type.
  • low_level_category_id - Short - The expression is only applied to events with this low level category.
  • username - String - The owner of the Ariel property LEEF expression.

Response Sample


{
    "creation_date": 42,
    "enabled": true,
    "expression": "String",
    "id": 42,
    "identifier": "String",
    "log_source_id": 42,
    "log_source_type_id": 42,
    "low_level_category_id": 42,
    "modification_date": 42,
    "payload": "String",
    "qid": 42,
    "regex_property_identifier": "String",
    "username": "String"
}