IBM Cloud Logs CLI
You can use the IBM® Cloud Logs command-line interface (CLI) to manage your IBM Cloud Logs instance.
Prerequisites
-
Install the IBM Cloud CLI.
-
Install the IBM Cloud Logs CLI plug-in by running the following command:
ibmcloud plugin install logs
You're notified on the command line when updates to the IBM Cloud CLI and plug-ins are available. Be sure to keep your CLI up to date so that you can use the latest commands. You can view the current version of all installed plug-ins by running
ibmcloud plugin list
. -
To target the IBM Cloud Logs instance, use one of the following options.
-
Run the
ibmcloud logs config set
command.ibmcloud logs config set service-url https://{instance_ID}.api.{region}.logs.cloud.ibm.com
-
Export an environment variable with your IBM Cloud Logs service endpoint URL.
export LOGS_URL=https://{instance_ID}.api.{region}.logs.cloud.ibm.com
-
Set the service endpoint in the command.
ibmcloud logs --service-url https://{instance_ID}.api.{region}.logs.cloud.ibm.com
Replace
{instance_ID}
and{region}
with the values that apply to your IBM Cloud Logs service instance. The endpoint URL that is specific to your instance can be copied from the service details page in the IBM Cloud Logs UI. -
Global configuration commands
Global parameters can also be stored in persistent configuration so that they do not need to be manually specified each time the plugin is invoked. Each parameter can be configured with the config
command and its subcommands.
ibmcloud cloud-logs config
ibmcloud cloud-logs config
ibmcloud cloud-logs config set
Set a new config value for a specific option. The value
must be of type string.
ibmcloud cloud-logs config set <option> <value>
Examples
ibmcloud cloud-logs config set service-url \
'https://ibm.cloud.com/my-api'
ibmcloud cloud-logs config get
Display the currently set value for a specific option.
ibmcloud cloud-logs config get <option>
Examples
ibmcloud cloud-logs config get service-url
ibmcloud cloud-logs config unset
Unset the currently set value for a specific option.
The options available for this service are: service-url
, .
ibmcloud cloud-logs config unset <option>
Examples
ibmcloud cloud-logs config unset service-url
ibmcloud cloud-logs config list
List out all of the currently set config values.
ibmcloud cloud-logs config list
Examples
ibmcloud cloud-logs config list
Alerts
Create and manage alerts.
ibmcloud cloud-logs alert
Get an alert by ID.
ibmcloud cloud-logs alert --id ID
Command options
--id
(strfmt.UUID)-
Alert ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs alert \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs alert-update
Update an alert.
ibmcloud cloud-logs alert-update --id ID --name NAME --is-active IS-ACTIVE --severity SEVERITY [--condition CONDITION | --condition-immediate CONDITION-IMMEDIATE --condition-less-than CONDITION-LESS-THAN --condition-more-than CONDITION-MORE-THAN --condition-more-than-usual CONDITION-MORE-THAN-USUAL --condition-new-value CONDITION-NEW-VALUE --condition-flow CONDITION-FLOW --condition-unique-count CONDITION-UNIQUE-COUNT --condition-less-than-usual CONDITION-LESS-THAN-USUAL] --notification-groups NOTIFICATION-GROUPS [--filters FILTERS | --filters-severities FILTERS-SEVERITIES --filters-metadata FILTERS-METADATA --filters-alias FILTERS-ALIAS --filters-text FILTERS-TEXT --filters-ratio-alerts FILTERS-RATIO-ALERTS --filters-filter-type FILTERS-FILTER-TYPE] [--description DESCRIPTION] [--expiration EXPIRATION | --expiration-year EXPIRATION-YEAR --expiration-month EXPIRATION-MONTH --expiration-day EXPIRATION-DAY] [--active-when ACTIVE-WHEN | --active-when-timeframes ACTIVE-WHEN-TIMEFRAMES] [--notification-payload-filters NOTIFICATION-PAYLOAD-FILTERS] [--meta-labels META-LABELS] [--meta-labels-strings META-LABELS-STRINGS] [--incident-settings INCIDENT-SETTINGS | --incident-settings-retriggering-period-seconds INCIDENT-SETTINGS-RETRIGGERING-PERIOD-SECONDS --incident-settings-notify-on INCIDENT-SETTINGS-NOTIFY-ON --incident-settings-use-as-notification-settings INCIDENT-SETTINGS-USE-AS-NOTIFICATION-SETTINGS]
Command options
--id
(strfmt.UUID)-
Alert ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --name
(string)-
Alert name. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --is-active
(bool)-
Alert is active. Required.
--severity
(string)-
Alert severity. Required.
Allowable values are:
info_or_unspecified
,warning
,critical
,error
. --condition
(AlertsV2AlertCondition
)-
Alert condition. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition=@path/to/file.json
. --notification-groups
(AlertsV2AlertNotificationGroups[]
)-
Alert notification groups. Required.
The maximum length is
10
items. The minimum length is1
item.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--notification-groups=@path/to/file.json
. --filters
(AlertsV1AlertFilters
)-
Alert filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters=@path/to/file.json
. --description
(string)-
Alert description.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --expiration
(AlertsV1Date
)-
Alert expiration date. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--expiration=@path/to/file.json
. --active-when
(AlertsV1AlertActiveWhen
)-
When should the alert be active. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--active-when=@path/to/file.json
. --notification-payload-filters
([]string)-
JSON keys to include in the alert notification, if left empty get the full log text in the alert notification.
The list items must match regular expression
/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. The maximum length is100
items. The minimum length is0
items. --meta-labels
(AlertsV1MetaLabel[]
)-
The Meta labels to add to the alert.
The maximum length is
200
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--meta-labels=@path/to/file.json
. --meta-labels-strings
([]string)-
The Meta labels to add to the alert as string with ':' separator.
The list items must match regular expression
/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. The maximum length is4096
items. The minimum length is0
items. --incident-settings
(AlertsV2AlertIncidentSettings
)-
Incident settings, will create the incident based on this configuration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--incident-settings=@path/to/file.json
. --condition-immediate
(AlertsV2ImmediateConditionEmpty
)-
Condition for immediate standard alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-immediate=@path/to/file.json
. --condition-less-than
(AlertsV2LessThanCondition
)-
Condition for less than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-less-than=@path/to/file.json
. --condition-more-than
(AlertsV2MoreThanCondition
)-
Condition for more than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-more-than=@path/to/file.json
. --condition-more-than-usual
(AlertsV2MoreThanUsualCondition
)-
Condition for more than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-more-than-usual=@path/to/file.json
. --condition-new-value
(AlertsV2NewValueCondition
)-
Condition for new value alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-new-value=@path/to/file.json
. --condition-flow
(AlertsV2FlowCondition
)-
Condition for flow alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-flow=@path/to/file.json
. --condition-unique-count
(AlertsV2UniqueCountCondition
)-
Condition for unique count alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-unique-count=@path/to/file.json
. --condition-less-than-usual
(AlertsV2LessThanUsualCondition
)-
Condition for less than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-less-than-usual=@path/to/file.json
. --filters-severities
([]string)-
The severity of the logs to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
Allowable list items are:
debug_or_unspecified
,verbose
,info
,warning
,error
,critical
. The maximum length is4096
items. The minimum length is0
items. --filters-metadata
(AlertsV1AlertFiltersMetadataFilters
)-
The metadata filters. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters-metadata=@path/to/file.json
. --filters-alias
(string)-
The alias of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --filters-text
(string)-
The text to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --filters-ratio-alerts
(AlertsV1AlertFiltersRatioAlert[]
)-
The ratio alerts. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters-ratio-alerts=@path/to/file.json
. --filters-filter-type
(string)-
The type of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
Allowable values are:
text_or_unspecified
,template
,ratio
,unique_count
,time_relative
,metric
,flow
. --expiration-year
(int64)-
Year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.
--expiration-month
(int64)-
Month of the year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.
--expiration-day
(int64)-
Day of the month. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.
--active-when-timeframes
(AlertsV1AlertActiveTimeframe[]
)-
Activity timeframes of the alert. This option provides a value for a sub-field of the JSON option 'active-when'. It is mutually exclusive with that option.
The maximum length is
30
items. The minimum length is1
item.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--active-when-timeframes=@path/to/file.json
. --incident-settings-retriggering-period-seconds
(int64)-
The retriggering period of the alert in seconds. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.
The maximum value is
4294967295
. The minimum value is0
. --incident-settings-notify-on
(string)-
Notify on setting. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.
Allowable values are:
triggered_only
,triggered_and_resolved
. --incident-settings-use-as-notification-settings
(bool)-
Use these settings for all notificaion webhook. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.
Examples
ibmcloud cloud-logs alert-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--name 'Test alert' \
--is-active true \
--severity info_or_unspecified \
--condition '{"more_than": {"parameters": {"threshold": 1, "timeframe": "timeframe_10_min", "group_by": ["coralogix.metadata.applicationName"], "metric_alert_parameters": {"metric_field": "cpu_usage", "metric_source": "prometheus", "arithmetic_operator": "percentile", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "metric_alert_promql_parameters": {"promql_text": "sum(rate(container_cpu_usage_seconds_total{container_name=\"my-container\"}[5m])) by (pod_name)", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "ignore_infinity": true, "relative_timeframe": "hour_or_unspecified", "cardinality_fields": [], "related_extended_data": {"cleanup_deadman_duration": "cleanup_deadman_duration_24h", "should_trigger_deadman": true}}, "evaluation_window": "rolling_or_unspecified"}}' \
--notification-groups '[{"group_by_fields": ["coralogix.metadata.applicationName"], "notifications": [{"retriggering_period_seconds": 60, "notify_on": "triggered_and_resolved", "integration_id": 123}]}]' \
--filters '{"severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "metadata": {"applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"]}, "alias": "monitorQuery", "text": "initiator.id.keyword:iam-ServiceId-10820fd6-c3fe-414e-8fd5-44ce95f7d34d AND action.keyword:cloud-object-storage.object.create", "ratio_alerts": [{"alias": "TopLevelAlert", "text": "_exists_:\"container_name\"", "severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"], "group_by": ["Host","Thread"]}], "filter_type": "text_or_unspecified"}' \
--description 'Alert if the number of logs reaches a threshold' \
--expiration '{"year": 2012, "month": 12, "day": 24}' \
--active-when '{"timeframes": [{"days_of_week": ["monday_or_unspecified","tuesday","wednesday","thursday","friday","saturday","sunday"], "range": {"start": {"hours": 18, "minutes": 30, "seconds": 0}, "end": {"hours": 18, "minutes": 30, "seconds": 0}}}]}' \
--notification-payload-filters exampleString,anotherTestString \
--meta-labels '[{"key": "env", "value": "dev"}]' \
--meta-labels-strings '[]' \
--incident-settings '{"retriggering_period_seconds": 300, "notify_on": "triggered_only", "use_as_notification_settings": true}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs alert-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--name 'Test alert' \
--is-active true \
--severity info_or_unspecified \
--notification-groups '[alertsV2AlertNotificationGroups]' \
--description 'Alert if the number of logs reaches a threshold' \
--notification-payload-filters exampleString,anotherTestString \
--meta-labels '[alertsV1MetaLabel]' \
--meta-labels-strings '[]' \
--condition-more-than alertsV2MoreThanCondition \
--filters-severities debug_or_unspecified,verbose,info,warning,error,critical \
--filters-metadata alertsV1AlertFiltersMetadataFilters \
--filters-alias monitorQuery \
--filters-text _exists_:"container_name" \
--filters-ratio-alerts '[alertsV1AlertFiltersRatioAlert]' \
--filters-filter-type flow \
--expiration-year 2012 \
--expiration-month 12 \
--expiration-day 24 \
--active-when-timeframes '[alertsV1AlertActiveTimeframe]' \
--incident-settings-retriggering-period-seconds 60 \
--incident-settings-notify-on triggered_and_resolved \
--incident-settings-use-as-notification-settings true
ibmcloud cloud-logs alert-delete
Delete an alert.
ibmcloud cloud-logs alert-delete --id ID
Command options
--id
(strfmt.UUID)-
Alert ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs alert-delete \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs alerts
List alerts.
ibmcloud cloud-logs alerts
Example
ibmcloud cloud-logs alerts
ibmcloud cloud-logs alert-create
Create an alert.
ibmcloud cloud-logs alert-create --name NAME --is-active IS-ACTIVE --severity SEVERITY [--condition CONDITION | --condition-immediate CONDITION-IMMEDIATE --condition-less-than CONDITION-LESS-THAN --condition-more-than CONDITION-MORE-THAN --condition-more-than-usual CONDITION-MORE-THAN-USUAL --condition-new-value CONDITION-NEW-VALUE --condition-flow CONDITION-FLOW --condition-unique-count CONDITION-UNIQUE-COUNT --condition-less-than-usual CONDITION-LESS-THAN-USUAL] --notification-groups NOTIFICATION-GROUPS [--filters FILTERS | --filters-severities FILTERS-SEVERITIES --filters-metadata FILTERS-METADATA --filters-alias FILTERS-ALIAS --filters-text FILTERS-TEXT --filters-ratio-alerts FILTERS-RATIO-ALERTS --filters-filter-type FILTERS-FILTER-TYPE] [--description DESCRIPTION] [--expiration EXPIRATION | --expiration-year EXPIRATION-YEAR --expiration-month EXPIRATION-MONTH --expiration-day EXPIRATION-DAY] [--active-when ACTIVE-WHEN | --active-when-timeframes ACTIVE-WHEN-TIMEFRAMES] [--notification-payload-filters NOTIFICATION-PAYLOAD-FILTERS] [--meta-labels META-LABELS] [--meta-labels-strings META-LABELS-STRINGS] [--incident-settings INCIDENT-SETTINGS | --incident-settings-retriggering-period-seconds INCIDENT-SETTINGS-RETRIGGERING-PERIOD-SECONDS --incident-settings-notify-on INCIDENT-SETTINGS-NOTIFY-ON --incident-settings-use-as-notification-settings INCIDENT-SETTINGS-USE-AS-NOTIFICATION-SETTINGS]
Command options
--name
(string)-
Alert name. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --is-active
(bool)-
Alert is active. Required.
--severity
(string)-
Alert severity. Required.
Allowable values are:
info_or_unspecified
,warning
,critical
,error
. --condition
(AlertsV2AlertCondition
)-
Alert condition. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition=@path/to/file.json
. --notification-groups
(AlertsV2AlertNotificationGroups[]
)-
Alert notification groups. Required.
The maximum length is
10
items. The minimum length is1
item.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--notification-groups=@path/to/file.json
. --filters
(AlertsV1AlertFilters
)-
Alert filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters=@path/to/file.json
. --description
(string)-
Alert description.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --expiration
(AlertsV1Date
)-
Alert expiration date. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--expiration=@path/to/file.json
. --active-when
(AlertsV1AlertActiveWhen
)-
When should the alert be active. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--active-when=@path/to/file.json
. --notification-payload-filters
([]string)-
JSON keys to include in the alert notification, if left empty get the full log text in the alert notification.
The list items must match regular expression
/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. The maximum length is100
items. The minimum length is0
items. --meta-labels
(AlertsV1MetaLabel[]
)-
The Meta labels to add to the alert.
The maximum length is
200
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--meta-labels=@path/to/file.json
. --meta-labels-strings
([]string)-
The Meta labels to add to the alert as string with ':' separator.
The list items must match regular expression
/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. The maximum length is4096
items. The minimum length is0
items. --incident-settings
(AlertsV2AlertIncidentSettings
)-
Incident settings, will create the incident based on this configuration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--incident-settings=@path/to/file.json
. --condition-immediate
(AlertsV2ImmediateConditionEmpty
)-
Condition for immediate standard alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-immediate=@path/to/file.json
. --condition-less-than
(AlertsV2LessThanCondition
)-
Condition for less than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-less-than=@path/to/file.json
. --condition-more-than
(AlertsV2MoreThanCondition
)-
Condition for more than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-more-than=@path/to/file.json
. --condition-more-than-usual
(AlertsV2MoreThanUsualCondition
)-
Condition for more than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-more-than-usual=@path/to/file.json
. --condition-new-value
(AlertsV2NewValueCondition
)-
Condition for new value alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-new-value=@path/to/file.json
. --condition-flow
(AlertsV2FlowCondition
)-
Condition for flow alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-flow=@path/to/file.json
. --condition-unique-count
(AlertsV2UniqueCountCondition
)-
Condition for unique count alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-unique-count=@path/to/file.json
. --condition-less-than-usual
(AlertsV2LessThanUsualCondition
)-
Condition for less than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--condition-less-than-usual=@path/to/file.json
. --filters-severities
([]string)-
The severity of the logs to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
Allowable list items are:
debug_or_unspecified
,verbose
,info
,warning
,error
,critical
. The maximum length is4096
items. The minimum length is0
items. --filters-metadata
(AlertsV1AlertFiltersMetadataFilters
)-
The metadata filters. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters-metadata=@path/to/file.json
. --filters-alias
(string)-
The alias of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --filters-text
(string)-
The text to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --filters-ratio-alerts
(AlertsV1AlertFiltersRatioAlert[]
)-
The ratio alerts. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters-ratio-alerts=@path/to/file.json
. --filters-filter-type
(string)-
The type of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.
Allowable values are:
text_or_unspecified
,template
,ratio
,unique_count
,time_relative
,metric
,flow
. --expiration-year
(int64)-
Year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.
--expiration-month
(int64)-
Month of the year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.
--expiration-day
(int64)-
Day of the month. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.
--active-when-timeframes
(AlertsV1AlertActiveTimeframe[]
)-
Activity timeframes of the alert. This option provides a value for a sub-field of the JSON option 'active-when'. It is mutually exclusive with that option.
The maximum length is
30
items. The minimum length is1
item.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--active-when-timeframes=@path/to/file.json
. --incident-settings-retriggering-period-seconds
(int64)-
The retriggering period of the alert in seconds. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.
The maximum value is
4294967295
. The minimum value is0
. --incident-settings-notify-on
(string)-
Notify on setting. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.
Allowable values are:
triggered_only
,triggered_and_resolved
. --incident-settings-use-as-notification-settings
(bool)-
Use these settings for all notificaion webhook. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.
Examples
ibmcloud cloud-logs alert-create \
--name 'Test alert' \
--is-active true \
--severity info_or_unspecified \
--condition '{"more_than": {"parameters": {"threshold": 1, "timeframe": "timeframe_10_min", "group_by": ["coralogix.metadata.applicationName"], "metric_alert_parameters": {"metric_field": "cpu_usage", "metric_source": "prometheus", "arithmetic_operator": "percentile", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "metric_alert_promql_parameters": {"promql_text": "sum(rate(container_cpu_usage_seconds_total{container_name=\"my-container\"}[5m])) by (pod_name)", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "ignore_infinity": true, "relative_timeframe": "hour_or_unspecified", "cardinality_fields": [], "related_extended_data": {"cleanup_deadman_duration": "cleanup_deadman_duration_24h", "should_trigger_deadman": true}}, "evaluation_window": "rolling_or_unspecified"}}' \
--notification-groups '[{"group_by_fields": ["coralogix.metadata.applicationName"], "notifications": [{"retriggering_period_seconds": 60, "notify_on": "triggered_and_resolved", "integration_id": 123}]}]' \
--filters '{"severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "metadata": {"applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"]}, "alias": "monitorQuery", "text": "initiator.id.keyword:iam-ServiceId-10820fd6-c3fe-414e-8fd5-44ce95f7d34d AND action.keyword:cloud-object-storage.object.create", "ratio_alerts": [{"alias": "TopLevelAlert", "text": "_exists_:\"container_name\"", "severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"], "group_by": ["Host","Thread"]}], "filter_type": "text_or_unspecified"}' \
--description 'Alert if the number of logs reaches a threshold' \
--expiration '{"year": 2012, "month": 12, "day": 24}' \
--active-when '{"timeframes": [{"days_of_week": ["monday_or_unspecified","tuesday","wednesday","thursday","friday","saturday","sunday"], "range": {"start": {"hours": 18, "minutes": 30, "seconds": 0}, "end": {"hours": 18, "minutes": 30, "seconds": 0}}}]}' \
--notification-payload-filters exampleString,anotherTestString \
--meta-labels '[{"key": "env", "value": "dev"}]' \
--meta-labels-strings '[]' \
--incident-settings '{"retriggering_period_seconds": 300, "notify_on": "triggered_only", "use_as_notification_settings": true}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs alert-create \
--name 'Test alert' \
--is-active true \
--severity info_or_unspecified \
--notification-groups '[alertsV2AlertNotificationGroups]' \
--description 'Alert if the number of logs reaches a threshold' \
--notification-payload-filters exampleString,anotherTestString \
--meta-labels '[alertsV1MetaLabel]' \
--meta-labels-strings '[]' \
--condition-more-than alertsV2MoreThanCondition \
--filters-severities debug_or_unspecified,verbose,info,warning,error,critical \
--filters-metadata alertsV1AlertFiltersMetadataFilters \
--filters-alias monitorQuery \
--filters-text _exists_:"container_name" \
--filters-ratio-alerts '[alertsV1AlertFiltersRatioAlert]' \
--filters-filter-type flow \
--expiration-year 2012 \
--expiration-month 12 \
--expiration-day 24 \
--active-when-timeframes '[alertsV1AlertActiveTimeframe]' \
--incident-settings-retriggering-period-seconds 60 \
--incident-settings-notify-on triggered_and_resolved \
--incident-settings-use-as-notification-settings true
Rules
Create and manage parsing rules.
ibmcloud cloud-logs rule-group
Gets rule group by groupid.
ibmcloud cloud-logs rule-group --id ID
Command options
--id
(strfmt.UUID)-
The group ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs rule-group \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs rule-group-update
Updates rule group by groupid.
ibmcloud cloud-logs rule-group-update --id ID --name NAME --rule-subgroups RULE-SUBGROUPS [--description DESCRIPTION] [--enabled ENABLED] [--rule-matchers RULE-MATCHERS] [--order ORDER]
Command options
--id
(strfmt.UUID)-
The group ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --name
(string)-
The name of the rule group. Required.
The maximum length is
255
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --rule-subgroups
(RulesV1CreateRuleGroupRequestCreateRuleSubgroup[]
)-
Rule subgroups. Will try to execute the first rule subgroup, and if not matched will try to match the next one in order. Required.
The maximum length is
4096
items. The minimum length is1
item.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--rule-subgroups=@path/to/file.json
. --description
(string)-
A description for the rule group, should express what is the rule group purpose.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --enabled
(bool)-
Whether or not the rule is enabled.
--rule-matchers
(RulesV1RuleMatcher[]
)-
Optional rule matchers which if matched will make the rule go through the rule group.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--rule-matchers=@path/to/file.json
. --order
(int64)-
The order in which the rule group will be evaluated. The lower the order, the more priority the group will have. Not providing the order will by default create a group with the last order.
The maximum value is
4294967295
. The minimum value is0
.
Example
ibmcloud cloud-logs rule-group-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--name mysql-extractrule \
--rule-subgroups '[{"rules": [{"name": "mysql-parse", "description": "mysql-parse", "source_field": "text", "parameters": {"parse_parameters": {"destination_field": "text", "rule": "(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),(?P<operation>[^,]+),(?P<database>[^,]+),\'?(?P<object>.*)\'?,(?P<returnCode>[0-9]+)"}}, "enabled": true, "order": 1}], "enabled": true, "order": 1}]' \
--description 'mysql audit logs parser' \
--enabled true \
--rule-matchers '[{"subsystem_name": {"value": "mysql"}}]' \
--order 39
ibmcloud cloud-logs rule-group-delete
Deletes rule group by groupid.
ibmcloud cloud-logs rule-group-delete --id ID
Command options
--id
(strfmt.UUID)-
The group ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs rule-group-delete \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs rule-groups
Gets all rule groups.
ibmcloud cloud-logs rule-groups
Example
ibmcloud cloud-logs rule-groups
ibmcloud cloud-logs rule-group-create
Creates rule group.
ibmcloud cloud-logs rule-group-create --name NAME --rule-subgroups RULE-SUBGROUPS [--description DESCRIPTION] [--enabled ENABLED] [--rule-matchers RULE-MATCHERS] [--order ORDER]
Command options
--name
(string)-
The name of the rule group. Required.
The maximum length is
255
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --rule-subgroups
(RulesV1CreateRuleGroupRequestCreateRuleSubgroup[]
)-
Rule subgroups. Will try to execute the first rule subgroup, and if not matched will try to match the next one in order. Required.
The maximum length is
4096
items. The minimum length is1
item.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--rule-subgroups=@path/to/file.json
. --description
(string)-
A description for the rule group, should express what is the rule group purpose.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --enabled
(bool)-
Whether or not the rule is enabled.
--rule-matchers
(RulesV1RuleMatcher[]
)-
Optional rule matchers which if matched will make the rule go through the rule group.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--rule-matchers=@path/to/file.json
. --order
(int64)-
The order in which the rule group will be evaluated. The lower the order, the more priority the group will have. Not providing the order will by default create a group with the last order.
The maximum value is
4294967295
. The minimum value is0
.
Example
ibmcloud cloud-logs rule-group-create \
--name mysql-extractrule \
--rule-subgroups '[{"rules": [{"name": "mysql-parse", "description": "mysql-parse", "source_field": "text", "parameters": {"parse_parameters": {"destination_field": "text", "rule": "(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),(?P<operation>[^,]+),(?P<database>[^,]+),\'?(?P<object>.*)\'?,(?P<returnCode>[0-9]+)"}}, "enabled": true, "order": 1}], "enabled": true, "order": 1}]' \
--description 'mysql audit logs parser' \
--enabled true \
--rule-matchers '[{"subsystem_name": {"value": "mysql"}}]' \
--order 39
Outbound Integrations
Create and manage your Outbound integrations so that you can receive alerts.
ibmcloud cloud-logs outgoing-webhooks
List Outbound Integrations.
ibmcloud cloud-logs outgoing-webhooks [--type TYPE]
Command options
--type
(string)-
The type of the deployed Outbound Integrations to list.
Allowable values are:
ibm_event_notifications
.
Example
ibmcloud cloud-logs outgoing-webhooks \
--type ibm_event_notifications
ibmcloud cloud-logs outgoing-webhook-create
Create an Outbound Integration.
ibmcloud cloud-logs outgoing-webhook-create [--prototype PROTOTYPE | --type TYPE --name NAME --url URL --ibm-event-notifications IBM-EVENT-NOTIFICATIONS]
Command options
--prototype
(OutgoingWebhookPrototype
)-
The input data of the Outbound Integration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--prototype=@path/to/file.json
. --type
(string)-
The type of the deployed Outbound Integrations to list. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Allowable values are:
ibm_event_notifications
. --name
(string)-
The name of the Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --url
(string)-
The URL of the Outbound Integration. Null for IBM Event Notifications integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --ibm-event-notifications
(OutgoingWebhooksV1IbmEventNotificationsConfig
)-
The configuration of the IBM Event Notifications Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--ibm-event-notifications=@path/to/file.json
.
Examples
ibmcloud cloud-logs outgoing-webhook-create \
--prototype '{"type": "ibm_event_notifications", "name": "Event Notifications Integration", "url": "https://example.com", "ibm_event_notifications": {"event_notifications_instance_id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673", "region_id": "eu-es", "source_id": "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::", "source_name": "IBM Cloud Event Notifications"}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs outgoing-webhook-create \
--type ibm_event_notifications \
--name 'Event Notifications Integration' \
--url https://example.com \
--ibm-event-notifications outgoingWebhooksV1IbmEventNotificationsConfig
ibmcloud cloud-logs outgoing-webhook
Gets an Outbound Integration by ID.
ibmcloud cloud-logs outgoing-webhook --id ID
Command options
--id
(strfmt.UUID)-
The ID of the Outbound Integration to delete. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs outgoing-webhook \
--id 585bea36-bdd1-4bfb-9a26-51f1f8a12660
ibmcloud cloud-logs outgoing-webhook-update
Update an Outbound Integration.
ibmcloud cloud-logs outgoing-webhook-update --id ID [--prototype PROTOTYPE | --type TYPE --name NAME --url URL --ibm-event-notifications IBM-EVENT-NOTIFICATIONS]
Command options
--id
(strfmt.UUID)-
The ID of the Outbound Integration to delete. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --prototype
(OutgoingWebhookPrototype
)-
The input data of the Outbound Integration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--prototype=@path/to/file.json
. --type
(string)-
The type of the deployed Outbound Integrations to list. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Allowable values are:
ibm_event_notifications
. --name
(string)-
The name of the Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --url
(string)-
The URL of the Outbound Integration. Null for IBM Event Notifications integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --ibm-event-notifications
(OutgoingWebhooksV1IbmEventNotificationsConfig
)-
The configuration of the IBM Event Notifications Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--ibm-event-notifications=@path/to/file.json
.
Examples
ibmcloud cloud-logs outgoing-webhook-update \
--id 585bea36-bdd1-4bfb-9a26-51f1f8a12660 \
--prototype '{"type": "ibm_event_notifications", "name": "Event Notifications Integration", "url": "https://example.com", "ibm_event_notifications": {"event_notifications_instance_id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673", "region_id": "eu-es", "source_id": "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::", "source_name": "IBM Cloud Event Notifications"}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs outgoing-webhook-update \
--id 585bea36-bdd1-4bfb-9a26-51f1f8a12660 \
--type ibm_event_notifications \
--name 'Event Notifications Integration' \
--url https://example.com \
--ibm-event-notifications outgoingWebhooksV1IbmEventNotificationsConfig
ibmcloud cloud-logs outgoing-webhook-delete
Delete an Outbound Integration.
ibmcloud cloud-logs outgoing-webhook-delete --id ID
Command options
--id
(strfmt.UUID)-
The ID of the Outbound Integration to delete. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs outgoing-webhook-delete \
--id 585bea36-bdd1-4bfb-9a26-51f1f8a12660
Policies
Create and manage TCO policies.
ibmcloud cloud-logs policy
Gets policy by id.
ibmcloud cloud-logs policy --id ID
Command options
--id
(strfmt.UUID)-
ID of policy. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs policy \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs policy-update
Updates an existing policy.
ibmcloud cloud-logs policy-update --id ID [--prototype PROTOTYPE | --name NAME --description DESCRIPTION --priority PRIORITY --application-rule APPLICATION-RULE --subsystem-rule SUBSYSTEM-RULE --archive-retention ARCHIVE-RETENTION --log-rules LOG-RULES]
Command options
--id
(strfmt.UUID)-
ID of policy. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --prototype
(PolicyPrototype
)-
Create policy request. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--prototype=@path/to/file.json
. --name
(string)-
Policy name. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --description
(string)-
Policy description. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --priority
(string)-
The data pipeline sources that match the policy rules will go through. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Allowable values are:
type_unspecified
,type_block
,type_low
,type_medium
,type_high
. --application-rule
(QuotaV1Rule
)-
Rule for matching with application. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--application-rule=@path/to/file.json
. --subsystem-rule
(QuotaV1Rule
)-
Rule for matching with application. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--subsystem-rule=@path/to/file.json
. --archive-retention
(QuotaV1ArchiveRetention
)-
Archive retention definition. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--archive-retention=@path/to/file.json
. --log-rules
(QuotaV1LogRules
)-
Log rules. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--log-rules=@path/to/file.json
.
Examples
ibmcloud cloud-logs policy-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--prototype '{"name": "Med_policy", "description": "Medium policy", "priority": "type_high", "application_rule": {"rule_type_id": "is", "name": "test"}, "subsystem_rule": {"rule_type_id": "is", "name": "test"}, "archive_retention": {"id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673"}, "log_rules": {"severities": ["unspecified","debug","verbose","info","warning","error","critical"]}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs policy-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--name 'My Policy' \
--description 'My Policy Description' \
--priority type_high \
--application-rule quotaV1Rule \
--subsystem-rule quotaV1Rule \
--archive-retention quotaV1ArchiveRetention \
--log-rules quotaV1LogRules
ibmcloud cloud-logs policy-delete
Deletes an existing policy.
ibmcloud cloud-logs policy-delete --id ID
Command options
--id
(strfmt.UUID)-
ID of policy. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs policy-delete \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs policies
Gets policies.
ibmcloud cloud-logs policies [--enabled-only ENABLED-ONLY] [--source-type SOURCE-TYPE]
Command options
--enabled-only
(bool)-
Optionally filter only enabled policies.
--source-type
(string)-
Source type to filter policies by.
Allowable values are:
unspecified
,logs
.
Example
ibmcloud cloud-logs policies \
--enabled-only true \
--source-type logs
ibmcloud cloud-logs policy-create
Creates a new policy.
ibmcloud cloud-logs policy-create [--prototype PROTOTYPE | --name NAME --description DESCRIPTION --priority PRIORITY --application-rule APPLICATION-RULE --subsystem-rule SUBSYSTEM-RULE --archive-retention ARCHIVE-RETENTION --log-rules LOG-RULES]
Command options
--prototype
(PolicyPrototype
)-
Create policy request. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--prototype=@path/to/file.json
. --name
(string)-
Policy name. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --description
(string)-
Policy description. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --priority
(string)-
The data pipeline sources that match the policy rules will go through. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Allowable values are:
type_unspecified
,type_block
,type_low
,type_medium
,type_high
. --application-rule
(QuotaV1Rule
)-
Rule for matching with application. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--application-rule=@path/to/file.json
. --subsystem-rule
(QuotaV1Rule
)-
Rule for matching with application. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--subsystem-rule=@path/to/file.json
. --archive-retention
(QuotaV1ArchiveRetention
)-
Archive retention definition. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--archive-retention=@path/to/file.json
. --log-rules
(QuotaV1LogRules
)-
Log rules. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--log-rules=@path/to/file.json
.
Examples
ibmcloud cloud-logs policy-create \
--prototype '{"name": "Med_policy", "description": "Medium Policy", "priority": "type_high", "application_rule": {"rule_type_id": "is", "name": "test"}, "subsystem_rule": {"rule_type_id": "is", "name": "test"}, "archive_retention": {"id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673"}, "log_rules": {"severities": ["unspecified","debug","verbose","info","warning","error","critical"]}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs policy-create \
--name 'My Policy' \
--description 'My Policy Description' \
--priority type_high \
--application-rule quotaV1Rule \
--subsystem-rule quotaV1Rule \
--archive-retention quotaV1ArchiveRetention \
--log-rules quotaV1LogRules
Events to metrics
Create and manage your events to metrics definitions.
ibmcloud cloud-logs events2metrics-list
Lists event to metrics definitions.
ibmcloud cloud-logs events2metrics-list
Aliases
events2metrics-list
, e2m-list
Example
ibmcloud cloud-logs events2metrics-list
ibmcloud cloud-logs events2metrics-create
Creates event to metrics definitions.
ibmcloud cloud-logs events2metrics-create [--event2-metric-prototype EVENT2-METRIC-PROTOTYPE | --event2-metric-name EVENT2-METRIC-NAME --event2-metric-description EVENT2-METRIC-DESCRIPTION --event2-metric-permutations-limit EVENT2-METRIC-PERMUTATIONS-LIMIT --event2-metric-metric-labels EVENT2-METRIC-METRIC-LABELS --event2-metric-metric-fields EVENT2-METRIC-METRIC-FIELDS --event2-metric-type EVENT2-METRIC-TYPE --event2-metric-logs-query EVENT2-METRIC-LOGS-QUERY]
Aliases
events2metrics-create
, e2m-create
Command options
--event2-metric-prototype
(Event2MetricPrototype
)-
E2M Create message. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-prototype=@path/to/file.json
. --event2-metric-name
(string)-
Name of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --event2-metric-description
(string)-
Description of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --event2-metric-permutations-limit
(int64)-
The permutation limit of the E2M. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
--event2-metric-metric-labels
(ApisEvents2metricsV2MetricLabel[]
)-
E2M metric labels. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-metric-labels=@path/to/file.json
. --event2-metric-metric-fields
(ApisEvents2metricsV2MetricField[]
)-
E2M metric fields. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-metric-fields=@path/to/file.json
. --event2-metric-type
(string)-
E2M type. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
Allowable values are:
unspecified
,logs2metrics
. --event2-metric-logs-query
(ApisLogs2metricsV2LogsQuery
)-
E2M logs query. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-logs-query=@path/to/file.json
.
Examples
ibmcloud cloud-logs events2metrics-create \
--event2-metric-prototype '{"name": "test em2", "description": "Test e2m", "permutations_limit": 1, "metric_labels": [{"target_label": "alias_label_name", "source_field": "log_obj.string_value"}], "metric_fields": [{"target_base_metric_name": "alias_field_name", "source_field": "log_obj.numeric_field", "aggregations": [{"enabled": true, "agg_type": "samples", "target_metric_name": "alias_field_name_agg_func", "samples": {"sample_type": "max"}}]}], "type": "logs2metrics", "logs_query": {"lucene": "logs", "alias": "new_query", "applicationname_filters": ["app_name"], "subsystemname_filters": ["sub_name"], "severity_filters": ["unspecified","debug","verbose","info","warning","error","critical"]}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs events2metrics-create \
--event2-metric-name 'Service catalog latency' \
--event2-metric-description 'avg and max the latency of catalog service' \
--event2-metric-permutations-limit 30000 \
--event2-metric-metric-labels '[apisEvents2metricsV2MetricLabel]' \
--event2-metric-metric-fields '[apisEvents2metricsV2MetricField]' \
--event2-metric-type logs2metrics \
--event2-metric-logs-query apisLogs2metricsV2LogsQuery
ibmcloud cloud-logs events2metrics
Gets event to metrics definitions by id.
ibmcloud cloud-logs events2metrics --id ID
Aliases
events2metrics
, e2m
Command options
--id
(string)-
ID of e2m to be deleted. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
.
Example
ibmcloud cloud-logs events2metrics \
--id d6a3658e-78d2-47d0-9b81-b2c551f01b09
ibmcloud cloud-logs events2metrics-update
Updates event to metrics definitions.
ibmcloud cloud-logs events2metrics-update --id ID [--event2-metric-prototype EVENT2-METRIC-PROTOTYPE | --event2-metric-name EVENT2-METRIC-NAME --event2-metric-description EVENT2-METRIC-DESCRIPTION --event2-metric-permutations-limit EVENT2-METRIC-PERMUTATIONS-LIMIT --event2-metric-metric-labels EVENT2-METRIC-METRIC-LABELS --event2-metric-metric-fields EVENT2-METRIC-METRIC-FIELDS --event2-metric-type EVENT2-METRIC-TYPE --event2-metric-logs-query EVENT2-METRIC-LOGS-QUERY]
Aliases
events2metrics-update
, e2m-update
Command options
--id
(string)-
ID of e2m to be deleted. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --event2-metric-prototype
(Event2MetricPrototype
)-
E2M Create message. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-prototype=@path/to/file.json
. --event2-metric-name
(string)-
Name of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --event2-metric-description
(string)-
Description of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
. --event2-metric-permutations-limit
(int64)-
The permutation limit of the E2M. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
--event2-metric-metric-labels
(ApisEvents2metricsV2MetricLabel[]
)-
E2M metric labels. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-metric-labels=@path/to/file.json
. --event2-metric-metric-fields
(ApisEvents2metricsV2MetricField[]
)-
E2M metric fields. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-metric-fields=@path/to/file.json
. --event2-metric-type
(string)-
E2M type. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
Allowable values are:
unspecified
,logs2metrics
. --event2-metric-logs-query
(ApisLogs2metricsV2LogsQuery
)-
E2M logs query. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--event2-metric-logs-query=@path/to/file.json
.
Examples
ibmcloud cloud-logs events2metrics-update \
--id d6a3658e-78d2-47d0-9b81-b2c551f01b09 \
--event2-metric-prototype '{"name": "test em2", "description": "Test e2m updated", "permutations_limit": 1, "metric_labels": [{"target_label": "alias_label_name", "source_field": "log_obj.string_value"}], "metric_fields": [{"target_base_metric_name": "alias_field_name", "source_field": "log_obj.numeric_field", "aggregations": [{"enabled": true, "agg_type": "samples", "target_metric_name": "alias_field_name_agg_func", "samples": {"sample_type": "max"}}]}], "type": "logs2metrics", "logs_query": {"lucene": "logs", "alias": "new_query", "applicationname_filters": ["app_name"], "subsystemname_filters": ["sub_name"], "severity_filters": ["unspecified","debug","verbose","info","warning","error","critical"]}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs events2metrics-update \
--id d6a3658e-78d2-47d0-9b81-b2c551f01b09 \
--event2-metric-name 'Service catalog latency' \
--event2-metric-description 'avg and max the latency of catalog service' \
--event2-metric-permutations-limit 30000 \
--event2-metric-metric-labels '[apisEvents2metricsV2MetricLabel]' \
--event2-metric-metric-fields '[apisEvents2metricsV2MetricField]' \
--event2-metric-type logs2metrics \
--event2-metric-logs-query apisLogs2metricsV2LogsQuery
ibmcloud cloud-logs events2metrics-delete
Deletes event to metrics definitions by id.
ibmcloud cloud-logs events2metrics-delete --id ID
Aliases
events2metrics-delete
, e2m-delete
Command options
--id
(string)-
ID of e2m to be deleted. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
.
Example
ibmcloud cloud-logs events2metrics-delete \
--id d6a3658e-78d2-47d0-9b81-b2c551f01b09
Views
Create and manage views.
ibmcloud cloud-logs views
Lists all company public views.
ibmcloud cloud-logs views
Example
ibmcloud cloud-logs views
ibmcloud cloud-logs view-create
Creates a new view.
ibmcloud cloud-logs view-create --name NAME [--time-selection TIME-SELECTION | --time-selection-quick-selection TIME-SELECTION-QUICK-SELECTION --time-selection-custom-selection TIME-SELECTION-CUSTOM-SELECTION] [--search-query SEARCH-QUERY ] [--filters FILTERS ] [--folder-id FOLDER-ID]
Command options
--name
(string)-
View name. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --time-selection
(ApisViewsV1TimeSelection
)-
View time selection. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--time-selection=@path/to/file.json
. --search-query
(ApisViewsV1SearchQuery
)-
View search query. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--search-query=@path/to/file.json
. --filters
(ApisViewsV1SelectedFilters
)-
View selected filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters=@path/to/file.json
. --folder-id
(strfmt.UUID)-
View folder ID.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --time-selection-quick-selection
(ApisViewsV1QuickTimeSelection
)-
Quick time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--time-selection-quick-selection=@path/to/file.json
. --time-selection-custom-selection
(ApisViewsV1CustomTimeSelection
)-
Custom time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--time-selection-custom-selection=@path/to/file.json
.
Examples
ibmcloud cloud-logs view-create \
--name 'Logs view' \
--time-selection '{"custom_selection": {"from_time": "2024-01-25T11:31:43.152Z", "to_time": "2024-01-25T11:37:13.238Z"}}' \
--search-query '{"query": "logs"}' \
--filters '{"filters": [{"name": "applicationName", "selected_values": {}}]}' \
--folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs view-create \
--name 'Logs view' \
--folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673 \
--time-selection-custom-selection apisViewsV1CustomTimeSelection \
--search-query-query error \
--filters-filters '[apisViewsV1Filter]'
ibmcloud cloud-logs view
Gets a view by ID.
ibmcloud cloud-logs view --id ID
Command options
--id
(int64)- View ID. Required.
Example
ibmcloud cloud-logs view \
--id 52
ibmcloud cloud-logs view-update
Replaces an existing view.
ibmcloud cloud-logs view-update --id ID --name NAME [--time-selection TIME-SELECTION | --time-selection-quick-selection TIME-SELECTION-QUICK-SELECTION --time-selection-custom-selection TIME-SELECTION-CUSTOM-SELECTION] [--search-query SEARCH-QUERY ] [--filters FILTERS ] [--folder-id FOLDER-ID]
Command options
--id
(int64)-
View ID. Required.
--name
(string)-
View name. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --time-selection
(ApisViewsV1TimeSelection
)-
View time selection. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--time-selection=@path/to/file.json
. --search-query
(ApisViewsV1SearchQuery
)-
View search query. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--search-query=@path/to/file.json
. --filters
(ApisViewsV1SelectedFilters
)-
View selected filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters=@path/to/file.json
. --folder-id
(strfmt.UUID)-
View folder ID.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --time-selection-quick-selection
(ApisViewsV1QuickTimeSelection
)-
Quick time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--time-selection-quick-selection=@path/to/file.json
. --time-selection-custom-selection
(ApisViewsV1CustomTimeSelection
)-
Custom time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--time-selection-custom-selection=@path/to/file.json
.
Examples
ibmcloud cloud-logs view-update \
--id 52 \
--name 'Logs view' \
--time-selection '{"custom_selection": {"from_time": "2024-01-25T11:31:43.152Z", "to_time": "2024-01-25T11:37:13.238Z"}}' \
--search-query '{"query": "logs new"}' \
--filters '{"filters": [{"name": "applicationName", "selected_values": {}}]}' \
--folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs view-update \
--id 52 \
--name 'Logs view' \
--folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673 \
--time-selection-custom-selection apisViewsV1CustomTimeSelection \
--search-query-query error \
--filters-filters '[apisViewsV1Filter]'
ibmcloud cloud-logs view-delete
Deletes a view by ID.
ibmcloud cloud-logs view-delete --id ID
Command options
--id
(int64)- View ID. Required.
Example
ibmcloud cloud-logs view-delete \
--id 52
Folders for views
Create and manage view folders.
ibmcloud cloud-logs view-folders
List view's folders.
ibmcloud cloud-logs view-folders
Example
ibmcloud cloud-logs view-folders
ibmcloud cloud-logs view-folder-create
Create view folder.
ibmcloud cloud-logs view-folder-create --name NAME
Command options
--name
(string)-
View folder name. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
.
Example
ibmcloud cloud-logs view-folder-create \
--name 'My Folder'
ibmcloud cloud-logs view-folder
Get view folder.
ibmcloud cloud-logs view-folder --id ID
Command options
--id
(strfmt.UUID)-
Folder ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs view-folder \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
ibmcloud cloud-logs view-folder-update
Replaces an existing view folder.
ibmcloud cloud-logs view-folder-update --id ID --name NAME
Command options
--id
(strfmt.UUID)-
Folder ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --name
(string)-
View folder name. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
.
Example
ibmcloud cloud-logs view-folder-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--name 'My Folder'
ibmcloud cloud-logs view-folder-delete
Deletes a view folder by ID.
ibmcloud cloud-logs view-folder-delete --id ID
Command options
--id
(strfmt.UUID)-
Folder ID. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs view-folder-delete \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
Data access rules
Create and manage Data Access Rules.
ibmcloud cloud-logs data-access-rules
List service instance's Data Access Rules with provided ids.
ibmcloud cloud-logs data-access-rules [--id ID]
Command options
--id
([]strfmt.UUID)-
Array of data access rule IDs.
The list items must match regular expression
/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. The maximum length is4096
items. The minimum length is0
items.
Example
ibmcloud cloud-logs data-access-rules \
--id 4f966911-4bda-407e-b069-477394effa59
ibmcloud cloud-logs data-access-rule-create
Create a Data Access Rule.
ibmcloud cloud-logs data-access-rule-create --display-name DISPLAY-NAME --filters FILTERS --default-expression DEFAULT-EXPRESSION [--description DESCRIPTION]
Command options
--display-name
(string)-
Display Name for new Data Access Rule. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --filters
(DataAccessRuleFilter[]
)-
Filters for new Data Access Rule. Required.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters=@path/to/file.json
. --default-expression
(string)-
Default Expression for new Data Access Rule. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|'<> ]+$/
. --description
(string)-
Description for new Data Access Rule.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
.
Example
ibmcloud cloud-logs data-access-rule-create \
--display-name 'Test Data Access Rule' \
--filters '[{"entity_type": "logs", "expression": "<v1> foo == \'bar\'"}]' \
--default-expression '<v1>true' \
--description 'Data Access Rule intended for testing'
ibmcloud cloud-logs data-access-rule-update
Update a Data Access Rule.
ibmcloud cloud-logs data-access-rule-update --id ID --display-name DISPLAY-NAME --filters FILTERS --default-expression DEFAULT-EXPRESSION [--description DESCRIPTION]
Command options
--id
(strfmt.UUID)-
ID of Data Access Rule to be deleted. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
. --display-name
(string)-
Display Name for new Data Access Rule. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --filters
(DataAccessRuleFilter[]
)-
Filters for new Data Access Rule. Required.
The maximum length is
4096
items. The minimum length is0
items.Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--filters=@path/to/file.json
. --default-expression
(string)-
Default Expression for new Data Access Rule. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|'<> ]+$/
. --description
(string)-
Description for new Data Access Rule.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\-\\s]+$/
.
Example
ibmcloud cloud-logs data-access-rule-update \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
--display-name 'Test Data Access Rule' \
--filters '[{"entity_type": "logs", "expression": "<v1> foo == \'bar\'"}]' \
--default-expression '<v1>true' \
--description 'Data Access Rule intended for testing'
ibmcloud cloud-logs data-access-rule-delete
Delete a Data Access Rule.
ibmcloud cloud-logs data-access-rule-delete --id ID
Command options
--id
(strfmt.UUID)-
ID of Data Access Rule to be deleted. Required.
The maximum length is
36
characters. The minimum length is36
characters. The value must match regular expression/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/
.
Example
ibmcloud cloud-logs data-access-rule-delete \
--id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
Enrichments
Create and manage enrichments.
ibmcloud cloud-logs enrichments
List all enrichments.
ibmcloud cloud-logs enrichments
Example
ibmcloud cloud-logs enrichments
ibmcloud cloud-logs enrichment-create
Create an enrichment.
ibmcloud cloud-logs enrichment-create --field-name FIELD-NAME [--enrichment-type ENRICHMENT-TYPE | --enrichment-type-geo-ip ENRICHMENT-TYPE-GEO-IP --enrichment-type-suspicious-ip ENRICHMENT-TYPE-SUSPICIOUS-IP --enrichment-type-custom-enrichment ENRICHMENT-TYPE-CUSTOM-ENRICHMENT]
Command options
--field-name
(string)-
The name of the field to enrich. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --enrichment-type
(EnrichmentV1EnrichmentType
)-
The enrichment type. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--enrichment-type=@path/to/file.json
. --enrichment-type-geo-ip
(EnrichmentV1GeoIpTypeEmpty
)-
The geo ip enrichment. This option provides a value for a sub-field of the JSON option 'enrichment-type'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--enrichment-type-geo-ip=@path/to/file.json
. --enrichment-type-suspicious-ip
(EnrichmentV1SuspiciousIpTypeEmpty
)-
The suspicious ip enrichment. This option provides a value for a sub-field of the JSON option 'enrichment-type'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--enrichment-type-suspicious-ip=@path/to/file.json
. --enrichment-type-custom-enrichment
(EnrichmentV1CustomEnrichmentType
)-
The custom enrichment. This option provides a value for a sub-field of the JSON option 'enrichment-type'. It is mutually exclusive with that option.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--enrichment-type-custom-enrichment=@path/to/file.json
.
Examples
ibmcloud cloud-logs enrichment-create \
--field-name ip \
--enrichment-type '{"geo_ip": {}}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs enrichment-create \
--field-name ip \
--enrichment-type-geo-ip enrichmentV1GeoIpTypeEmpty
ibmcloud cloud-logs enrichment-delete
Delete enrichments.
ibmcloud cloud-logs enrichment-delete --id ID
Command options
--id
(int64)-
The enrichment ID. Required.
The maximum value is
4294967295
. The minimum value is0
.
Example
ibmcloud cloud-logs enrichment-delete \
--id 1
Data usage metrics
Data usage service.
ibmcloud cloud-logs data-usage-metrics-export-status
Get data usage metrics export status.
ibmcloud cloud-logs data-usage-metrics-export-status
Example
ibmcloud cloud-logs data-usage-metrics-export-status
ibmcloud cloud-logs data-usage-metrics-export-status-update
Update data usage metrics export status.
ibmcloud cloud-logs data-usage-metrics-export-status-update --enabled ENABLED
Command options
--enabled
(bool)- The "enabled" parameter for metrics export. Required.
Example
ibmcloud cloud-logs data-usage-metrics-export-status-update \
--enabled true
QueryService
Query and process your logs.
ibmcloud cloud-logs query
Run a query to search the logs.
ibmcloud cloud-logs query --query QUDATAPRIME_OR_LUCENE_QUERY [--metadata METADATA | --start-date START-DATE --end-date END-DATE --default-source DEFAULT-SOURCE --tier TIER --syntax SYNTAX --limit LIMIT --strict-fields-validation STRICT-FIELDS-VALIDATION] [--since SINCE] [--local-time LOCAL-TIME]
Command options
--query
(string)-
The query for which you are seeking results. Required.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --metadata
(ApisDataprimeV1Metadata
)-
Configuration for query execution. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.
Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a
@
, e.g.--metadata=@path/to/file.json
. --start-date
(strfmt.DateTime)-
Beginning of the time range for the query. Default: end - 15 min or current time - 15 min if end is not defined. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
--end-date
(strfmt.DateTime)-
End of the time range for the query. Default: start + 15 min or current time if start is not defined. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
--default-source
(string)-
Default value for the source to be used when the source is omitted in a query. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
The maximum length is
4096
characters. The minimum length is1
character. The value must match regular expression/^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/
. --tier
(string)-
Tier on which the query runs. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
Allowable values are:
unspecified
,archive
,frequent_search
. --syntax
(string)-
The syntax in which the query is written. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
Allowable values are:
unspecified
,lucene
,dataprime
. --limit
(int64)-
Limit the number of results. Default: 2000; max for TIER_FREQUENT_SEARCH: 12000; max for TIER_ARCHIVE: 50000. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
--strict-fields-validation
(bool)-
Prohibit the use of unknown fields, i.e., those not detected in the ingested data. Default: false. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.
--since
(duration)-
Query lookback window. Default 1h. Using this flag overrides metadata-start-date and metadata-end-date.
--local-time
(bool)-
Converts the timestamp of the logs to local time.
Examples
ibmcloud cloud-logs query \
--query 'source logs | filter $d.apiVersion == 42' \
--metadata '{"start_date": "2021-01-01T00:00:00.000Z", "end_date": "2021-01-01T00:00:00.000Z", "default_source": "logs", "tier": "frequent_search", "syntax": "dataprime", "limit": 2000, "strict_fields_validation": true}'
Alternatively, granular options are available for the sub-fields of JSON string options:
ibmcloud cloud-logs query \
--query 'source logs | filter $d.apiVersion == 42' \
--start-date 2021-01-01T00:00:00.000Z \
--end-date 2021-01-01T00:00:00.000Z \
--default-source logs \
--tier frequent_search \
--syntax dataprime \
--limit 2000 \
--strict-fields-validation true
Schema examples
The following schema examples represent the data that you need to specify for a command option. These examples model the data structure and include placeholder values for the expected value type. When you run a command, replace these values with the values that apply to your environment as appropriate.
AlertsV1AlertActiveWhen
The following example shows the format of the AlertsV1AlertActiveWhen object.
{
"timeframes" : [ {
"days_of_week" : [ "monday_or_unspecified", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday" ],
"range" : {
"start" : {
"hours" : 18,
"minutes" : 30,
"seconds" : 0
},
"end" : {
"hours" : 18,
"minutes" : 30,
"seconds" : 0
}
}
} ]
}
AlertsV1AlertFilters
The following example shows the format of the AlertsV1AlertFilters object.
{
"severities" : [ "debug_or_unspecified", "verbose", "info", "warning", "error", "critical" ],
"metadata" : {
"applications" : [ "CpuMonitoring", "WebApi" ],
"subsystems" : [ "SnapshotGenerator", "PermissionControl" ]
},
"alias" : "monitorQuery",
"text" : "initiator.id.keyword:iam-ServiceId-10820fd6-c3fe-414e-8fd5-44ce95f7d34d AND action.keyword:cloud-object-storage.object.create",
"ratio_alerts" : [ {
"alias" : "TopLevelAlert",
"text" : "_exists_:\"container_name\"",
"severities" : [ "debug_or_unspecified", "verbose", "info", "warning", "error", "critical" ],
"applications" : [ "CpuMonitoring", "WebApi" ],
"subsystems" : [ "SnapshotGenerator", "PermissionControl" ],
"group_by" : [ "Host", "Thread" ]
} ],
"filter_type" : "text_or_unspecified"
}
AlertsV1AlertFiltersMetadataFilters
The following example shows the format of the AlertsV1AlertFiltersMetadataFilters object.
{
"applications" : [ "CpuMonitoring", "WebApi" ],
"subsystems" : [ "SnapshotGenerator", "PermissionControl" ]
}
AlertsV1Date
The following example shows the format of the AlertsV1Date object.
{
"year" : 2012,
"month" : 12,
"day" : 24
}
AlertsV1MetaLabel[]
The following example shows the format of the AlertsV1MetaLabel[] object.
[ {
"key" : "env",
"value" : "dev"
} ]
AlertsV2AlertCondition
The following example shows the format of the AlertsV2AlertCondition object.
{
"more_than" : {
"parameters" : {
"threshold" : 1,
"timeframe" : "timeframe_10_min",
"group_by" : [ "coralogix.metadata.applicationName" ],
"metric_alert_parameters" : {
"metric_field" : "cpu_usage",
"metric_source" : "prometheus",
"arithmetic_operator" : "percentile",
"arithmetic_operator_modifier" : 1,
"sample_threshold_percentage" : 100,
"non_null_percentage" : 100,
"swap_null_values" : true
},
"metric_alert_promql_parameters" : {
"promql_text" : "sum(rate(container_cpu_usage_seconds_total{container_name=\"my-container\"}[5m])) by (pod_name)",
"arithmetic_operator_modifier" : 1,
"sample_threshold_percentage" : 100,
"non_null_percentage" : 100,
"swap_null_values" : true
},
"ignore_infinity" : true,
"relative_timeframe" : "hour_or_unspecified",
"cardinality_fields" : [ ],
"related_extended_data" : {
"cleanup_deadman_duration" : "cleanup_deadman_duration_24h",
"should_trigger_deadman" : true
}
},
"evaluation_window" : "rolling_or_unspecified"
}
}
AlertsV2AlertIncidentSettings
The following example shows the format of the AlertsV2AlertIncidentSettings object.
{
"retriggering_period_seconds" : 300,
"notify_on" : "triggered_only",
"use_as_notification_settings" : true
}
AlertsV2AlertNotificationGroups[]
The following example shows the format of the AlertsV2AlertNotificationGroups[] object.
[ {
"group_by_fields" : [ "coralogix.metadata.applicationName" ],
"notifications" : [ {
"retriggering_period_seconds" : 60,
"notify_on" : "triggered_and_resolved",
"integration_id" : 123
} ]
} ]
ApisLogs2metricsV2LogsQuery
The following example shows the format of the ApisLogs2metricsV2LogsQuery object.
{
"lucene" : "logs",
"alias" : "new_query",
"applicationname_filters" : [ "app_name" ],
"subsystemname_filters" : [ "sub_name" ],
"severity_filters" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
}
ApisViewsV1CustomTimeSelection
The following example shows the format of the ApisViewsV1CustomTimeSelection object.
{
"from_time" : "2024-01-25T11:31:43.152Z",
"to_time" : "2024-01-25T11:37:13.238Z"
}
ApisViewsV1SearchQuery
The following example shows the format of the ApisViewsV1SearchQuery object.
{
"query" : "logs"
}
ApisViewsV1SelectedFilters
The following example shows the format of the ApisViewsV1SelectedFilters object.
{
"filters" : [ {
"name" : "applicationName",
"selected_values" : { }
} ]
}
ApisViewsV1TimeSelection
The following example shows the format of the ApisViewsV1TimeSelection object.
{
"custom_selection" : {
"from_time" : "2024-01-25T11:31:43.152Z",
"to_time" : "2024-01-25T11:37:13.238Z"
}
}
DataAccessRuleFilter[]
The following example shows the format of the DataAccessRuleFilter[] object.
[ {
"entity_type" : "logs",
"expression" : "<v1> foo == 'bar'"
} ]
EnrichmentV1EnrichmentType
The following example shows the format of the EnrichmentV1EnrichmentType object.
{
"geo_ip" : { }
}
EnrichmentV1GeoIpTypeEmpty
The following example shows the format of the EnrichmentV1GeoIpTypeEmpty object.
{ }
Event2MetricPrototype
The following example shows the format of the Event2MetricPrototype object.
{
"name" : "test em2",
"description" : "Test e2m",
"permutations_limit" : 1,
"metric_labels" : [ {
"target_label" : "alias_label_name",
"source_field" : "log_obj.string_value"
} ],
"metric_fields" : [ {
"target_base_metric_name" : "alias_field_name",
"source_field" : "log_obj.numeric_field",
"aggregations" : [ {
"enabled" : true,
"agg_type" : "samples",
"target_metric_name" : "alias_field_name_agg_func",
"samples" : {
"sample_type" : "max"
}
} ]
} ],
"type" : "logs2metrics",
"logs_query" : {
"lucene" : "logs",
"alias" : "new_query",
"applicationname_filters" : [ "app_name" ],
"subsystemname_filters" : [ "sub_name" ],
"severity_filters" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
}
}
OutgoingWebhookPrototype
The following example shows the format of the OutgoingWebhookPrototype object.
{
"type" : "ibm_event_notifications",
"name" : "Event Notifications Integration",
"url" : "https://example.com",
"ibm_event_notifications" : {
"event_notifications_instance_id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673",
"region_id" : "eu-es",
"source_id" : "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::",
"source_name" : "IBM Cloud Event Notifications"
}
}
OutgoingWebhooksV1IbmEventNotificationsConfig
The following example shows the format of the OutgoingWebhooksV1IbmEventNotificationsConfig object.
{
"event_notifications_instance_id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673",
"region_id" : "eu-es",
"source_id" : "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::",
"source_name" : "IBM Cloud Event Notifications"
}
PolicyPrototype
The following example shows the format of the PolicyPrototype object.
{
"name" : "Med_policy",
"description" : "Medium policy",
"priority" : "type_high",
"application_rule" : {
"rule_type_id" : "is",
"name" : "test"
},
"subsystem_rule" : {
"rule_type_id" : "is",
"name" : "test"
},
"archive_retention" : {
"id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673"
},
"log_rules" : {
"severities" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
}
}
QuotaV1ArchiveRetention
The following example shows the format of the QuotaV1ArchiveRetention object.
{
"id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673"
}
QuotaV1LogRules
The following example shows the format of the QuotaV1LogRules object.
{
"severities" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
}
QuotaV1Rule
The following example shows the format of the QuotaV1Rule object.
{
"rule_type_id" : "is",
"name" : "test"
}
RulesV1CreateRuleGroupRequestCreateRuleSubgroup[]
The following example shows the format of the RulesV1CreateRuleGroupRequestCreateRuleSubgroup[] object.
[ {
"rules" : [ {
"name" : "mysql-parse",
"description" : "mysql-parse",
"source_field" : "text",
"parameters" : {
"parse_parameters" : {
"destination_field" : "text",
"rule" : "(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),(?P<operation>[^,]+),(?P<database>[^,]+),'?(?P<object>.*)'?,(?P<returnCode>[0-9]+)"
}
},
"enabled" : true,
"order" : 1
} ],
"enabled" : true,
"order" : 1
} ]
RulesV1RuleMatcher[]
The following example shows the format of the RulesV1RuleMatcher[] object.
[ {
"subsystem_name" : {
"value" : "mysql"
}
} ]