GET /config/event_sources/disconnected_log_collectors

Retrieves a list of disconnected log collectors.

Table 1. GET /config/event_sources/disconnected_log_collectors resource details
| MIME Type |
| --- |
| application/json |

Table 2. GET /config/event_sources/disconnected_log_collectors request parameter details
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
| --- | --- | --- | --- | --- | --- |
| sort | query | Optional | String | text/plain | Optional - This parameter is used to sort the elements in a list. |
| fields | query | Optional | String | text/plain | Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets; multiple fields in the same object are separated by commas. |
| filter | query | Optional | String | text/plain | Optional - This parameter is used to restrict the elements in a list based on the contents of various fields. |
| Range | header | Optional | String | text/plain | Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero. |

Table 3. GET /config/event_sources/disconnected_log_collectors response codes
| HTTP Response Code | Unique Code | Description |
| --- | --- | --- |
| 200 | | The disconnected log collectors were retrieved successfully. |
| 422 | 1001 | Invalid field. |
| 422 | 1002 | Invalid filter. |
| 422 | 1003 | Invalid sort criteria. |
| 422 | 1004 | Sort not supported on field. |
| 500 | 1000 | An error occurred during the attempt to retrieve the disconnected log collectors. |

Response Description

The list of all disconnected log collectors. A disconnected log collector contains the following fields:
  • id - ID - The ID of the disconnected log collector.
  • uuid - UUID - The UUID of the disconnected log collector.
  • name - String - The name of the Disconnected Log Collector.
  • description - String - The description of the Disconnected Log Collector.
  • version - String - The version of the Disconnected Log Collector.
  • protocol - Enumeration - The transport protocol used by the Disconnected Log Collector to send events to QRadar. Possible Values are TLS and UDP.
  • status - Enumeration - The status of the Disconnected Log Collector. Possible Values are: CONNECTION_BUNDLE_PENDING, CONNECTION_BUNDLE_READY, SUCCESS, WARN, ERROR.
  • status_detail - List - The list of the status details of the Disconnected Log Collector, each item contains:
    • component_name - Enumeration - The component name of the status. Possible Values are: connection_bundle, event_collection, performance, management, connector_config.
    • status - String - The status info defined in the status detail.
    • severity - Enumeration - The severity of the status. Possible Values are: INFO, WARN, ERROR.
    • message - String - The message defined in the status detail.
    • timestamp - Number - The timestamp in milliseconds since Epoch.
    • data - List - The list of component statuses, each item contains:
      • key - String - The key of the component status data object.
      • value - String - The value of the component status data object.
  • creation_time - Number - The creation time in milliseconds since Epoch.
  • modified_time - Number - The modified time in milliseconds since Epoch.
  • managed - Boolean - The value is set to 'true' when a DLC is registered.
  • updates_enabled - Enumeration - The updates enabled value of the Disconnected Log Collector. Possible Values are NONE, CONFIG_ONLY, CONFIG_AND_SOFTWARE.
  • last_event_time - Number - The last event time in milliseconds since Epoch.
  • event_timeout_threshold - Number - The event timeout threshold of the Disconnected Log Collector.
  • supported_protocol_types - List - The List of supported protocol types in the Disconnected Log Collector, each item contains:
    • protocol_type_id - String - The protocol type id.
    • protocol_type_version - String - The version of the protocol type.
    • install_failed - Boolean - This boolean indicates if the installation failed.
  • client_certificate - String - The client certificate, either provided during registration or generated.
  • public_encryption_keys - String - The public encryption keys, used to encrypt secrets in configurations.
  • public_authentication_keys - String - The public authentication keys.
  • host - String - The IP address or hostname of the system that the agent is installed on.

Response Sample


[
    {
        "client_certificate": "String",
        "creation_time": 42,
        "description": "String",
        "event_timeout_threshold": 42,
        "host": "String",
        "id": 42,
        "last_event_time": 42,
        "managed": true,
        "modified_time": 42,
        "name": "String",
        "protocol": "String",
        "public_authentication_keys": "String",
        "public_encryption_keys": "String",
        "status": "String",
        "status_detail": [
            {
                "component_name": "String",
                "data": [
                    {
                        "key": "String",
                        "value": "String"
                    }
                ],
                "message": "String",
                "severity": "String",
                "status": "String",
                "timestamp": 42
            }
        ],
        "supported_protocol_types": [
            {
                "install_failed": true,
                "protocol_type_id": 42,
                "protocol_type_version": "String"
            }
        ],
        "updates_enabled": "String",
        "uuid": "String",
        "version": "String"
    }
]
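
An added example, not part of the original documentation: triaging the decoded JSON body of this endpoint with the documented fields, to surface collectors that report errors, send events over UDP, have gone silent, or have a failed protocol install. The collector names, sample records and the 15-minute silence limit are constructed assumptions.

```python
# Constructed sample in the documented response shape (not real collector data).
NOW_MS = 1_700_000_000_000
SAMPLE = [
    {"name": "dlc-branch-01", "protocol": "TLS", "status": "SUCCESS",
     "status_detail": [], "last_event_time": NOW_MS - 60_000,
     "supported_protocol_types": []},
    {"name": "dlc-dmz-02", "protocol": "UDP", "status": "ERROR",
     "status_detail": [{"component_name": "event_collection", "severity": "ERROR",
                        "message": "constructed example message"}],
     "last_event_time": NOW_MS - 7_200_000, "supported_protocol_types": []},
    {"name": "dlc-lab-03", "protocol": "TLS", "status": "SUCCESS",
     "status_detail": [], "last_event_time": NOW_MS - 5_000,
     "supported_protocol_types": [{"protocol_type_id": "pt-example",
                                   "protocol_type_version": "1.0",
                                   "install_failed": True}]},
]


def triage(collectors, now_ms, max_silence_ms):
    """Map collector name -> list of findings; healthy collectors are omitted."""
    report = {}
    for dlc in collectors:
        findings = []
        if dlc.get("status") in ("WARN", "ERROR"):
            findings.append("status=" + dlc["status"])
        # Check each component's severity independently of the summary status.
        for d in dlc.get("status_detail") or []:
            if d.get("severity") == "ERROR":
                findings.append(f"{d.get('component_name')}: {d.get('message')}")
        if dlc.get("protocol") == "UDP":
            findings.append("transport=UDP (not TLS)")
        last = dlc.get("last_event_time")  # milliseconds since Epoch
        if not last:
            # Assumption: a missing or zero value means no event was recorded.
            findings.append("no last_event_time")
        elif now_ms - last > max_silence_ms:
            findings.append(f"silent for {(now_ms - last) // 60_000} min")
        for p in dlc.get("supported_protocol_types") or []:
            if p.get("install_failed"):
                findings.append(f"install_failed: {p.get('protocol_type_id')}")
        if findings:
            report[dlc.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in triage(SAMPLE, NOW_MS, 15 * 60_000).items():
        print(name, "->", "; ".join(findings))
```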