GET /config/event_sources/log_source_management/autodetection/config_records

Retrieves the list of Autodetection Config Records.

Retrieves the list of Autodetection Config Records.

Table 1. GET /config/event_sources/log_source_management/autodetection/config_records resource details
MIME Type

application/json

Table 2. GET /config/event_sources/log_source_management/autodetection/config_records request parameter details
Parameter Type Optionality Data Type MIME Type Description

Range

header

Optional

String

text/plain

Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.

fields

query

Optional

String

text/plain

Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

filter

query

Optional

String

text/plain

Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.

sort

query

Optional

String

text/plain

Optional - This parameter is used to sort the elements in a list.
Table 3. GET /config/event_sources/log_source_management/autodetection/config_records response codes
HTTP Response Code Unique Code Description

200

The Autodetection Config Records were retrieved.

422

1009

Sorting is only supported for the 'id', 'log_source_type_id' and 'precedence' fields.

422

1010

The sort field that was provided does not exist.

422

1011

Sorting on multiple fields is not supported.

422

1019

A request parameter is not valid.

500

1020

An error occurred during the attempt to retrieve the Autodetection Config Records.

Response Description

An array of Autodetection Config Record objects. An Autodetection Config Record object contains the following fields:
  • id - Number - The ID of the Autodetection Config Record.
  • log_source_type_id - Number - The ID of the Log Source Type that corresponds with the Autodetection Config Record. See the Log Source Type API (/api/config/event_sources/log_source_management/log_source_types/).
  • enabled - Boolean - If the associated log source type is enabled for autodetection, the condition is set to 'true'; otherwise, the condition is set to 'false'.
  • precedence - Number - When an event is received from an unknown source, each log source type that is eligible for autodetection attempts to parse the event in ascending order of precedence. Lower values are attempted before greater values.
  • minimum_successful_events - Number - The minimum number of events collected from a source that must be successfully parsed by the associated log source type for autodetection to occur.
  • minimum_success_rate - Number - The minimum parsing success rate for events from a source that the associated log source type must have for autodetection to occur. Expressed as (number of events successfully parsed) / (number of events attempted) * 100.
  • maximum_events_for_abandon - Number - The maximum number of events from a source that the associated log source type attempts to parse before it abandons tracking of that source. Note: If the conditions for autodetection (minimum_successful_events and minimum_success_rate) are met before this number of events are received, autodetection has already occurred and the log source type stopped tracking the source at that time.
  • consecutive_failures_for_abandon - Number - The number of consecutive events from a source that the associated log source type failed to parse which causes the log source type to abandon tracking the source.
  • log_source_name_template - String - The template that is used to set the name of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_name_template is '$$DEVICE_TYPE$$ @ $$SOURCE_ADDRESS$$'.
  • log_source_description_template - String - The template that is used to set the description of autodetected log sources for the associated log source type. Two placeholder values can be used. These values are replaced by real values when the template is used for the creation of autodetected log sources. $$DEVICE_TYPE$$ is replaced with the log source type name. $$SOURCE_ADDRESS$$ is replaced with the log source's Log Source Identifier value. The default log_source_description_template is '$$DEVICE_TYPE$$ device'.

Response Sample


[
    {
        "consecutive_failures_for_abandon": 42,
        "enabled": true,
        "id": 42,
        "log_source_description_template": "String",
        "log_source_name_template": "String",
        "log_source_type_id": 42,
        "maximum_events_for_abandon": 42,
        "minimum_success_rate": 42,
        "minimum_successful_events": 42,
        "precedence": 42
    }
]