IBM Cloud Logs CLI

You can use the IBM® Cloud Logs command-line interface (CLI) to manage your IBM Cloud Logs instance.

Prerequisites

  • Install the IBM Cloud CLI.

  • Install the IBM Cloud Logs CLI plug-in by running the following command:

    ibmcloud plugin install logs
    

    You're notified on the command line when updates to the IBM Cloud CLI and plug-ins are available. Be sure to keep your CLI up to date so that you can use the latest commands. You can view the current version of all installed plug-ins by running ibmcloud plugin list.

  • To target the IBM Cloud Logs instance, use one of the following options.

    • Run the ibmcloud logs config set command.

       ibmcloud logs config set service-url https://{instance_ID}.api.{region}.logs.cloud.ibm.com
      
    • Export an environment variable with your IBM Cloud Logs service endpoint URL.

      export LOGS_URL=https://{instance_ID}.api.{region}.logs.cloud.ibm.com
      
    • Set the service endpoint in the command.

      ibmcloud logs --service-url https://{instance_ID}.api.{region}.logs.cloud.ibm.com
      

    Replace {instance_ID} and {region} with the values that apply to your IBM Cloud Logs service instance. The endpoint URL that is specific to your instance can be copied from the service details page in the IBM Cloud Logs UI.

Global configuration commands

Global parameters can also be stored in persistent configuration so that they do not need to be manually specified each time the plugin is invoked. Each parameter can be configured with the config command and its subcommands.

ibmcloud cloud-logs config

ibmcloud cloud-logs config

ibmcloud cloud-logs config set

Set a new config value for a specific option. The value must be of type string.

ibmcloud cloud-logs config set <option> <value>

Examples

ibmcloud cloud-logs config set service-url \
    'https://ibm.cloud.com/my-api'

ibmcloud cloud-logs config get

Display the currently set value for a specific option.

ibmcloud cloud-logs config get <option>

Examples

ibmcloud cloud-logs config get service-url

ibmcloud cloud-logs config unset

Unset the currently set value for a specific option.

The options available for this service are: service-url.

ibmcloud cloud-logs config unset <option>

Examples

ibmcloud cloud-logs config unset service-url

ibmcloud cloud-logs config list

List out all of the currently set config values.

ibmcloud cloud-logs config list

Examples

ibmcloud cloud-logs config list

Alerts

Create and manage alerts.

ibmcloud cloud-logs alert

Get an alert by ID.

ibmcloud cloud-logs alert --id ID

Command options

--id (strfmt.UUID)

Alert ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs alert \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs alert-update

Update an alert.

ibmcloud cloud-logs alert-update --id ID --name NAME --is-active IS-ACTIVE --severity SEVERITY [--condition CONDITION | --condition-immediate CONDITION-IMMEDIATE --condition-less-than CONDITION-LESS-THAN --condition-more-than CONDITION-MORE-THAN --condition-more-than-usual CONDITION-MORE-THAN-USUAL --condition-new-value CONDITION-NEW-VALUE --condition-flow CONDITION-FLOW --condition-unique-count CONDITION-UNIQUE-COUNT --condition-less-than-usual CONDITION-LESS-THAN-USUAL] --notification-groups NOTIFICATION-GROUPS [--filters FILTERS | --filters-severities FILTERS-SEVERITIES --filters-metadata FILTERS-METADATA --filters-alias FILTERS-ALIAS --filters-text FILTERS-TEXT --filters-ratio-alerts FILTERS-RATIO-ALERTS --filters-filter-type FILTERS-FILTER-TYPE] [--description DESCRIPTION] [--expiration EXPIRATION | --expiration-year EXPIRATION-YEAR --expiration-month EXPIRATION-MONTH --expiration-day EXPIRATION-DAY] [--active-when ACTIVE-WHEN | --active-when-timeframes ACTIVE-WHEN-TIMEFRAMES] [--notification-payload-filters NOTIFICATION-PAYLOAD-FILTERS] [--meta-labels META-LABELS] [--meta-labels-strings META-LABELS-STRINGS] [--incident-settings INCIDENT-SETTINGS | --incident-settings-retriggering-period-seconds INCIDENT-SETTINGS-RETRIGGERING-PERIOD-SECONDS --incident-settings-notify-on INCIDENT-SETTINGS-NOTIFY-ON --incident-settings-use-as-notification-settings INCIDENT-SETTINGS-USE-AS-NOTIFICATION-SETTINGS]

Command options

--id (strfmt.UUID)

Alert ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--name (string)

Alert name. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--is-active (bool)

Alert is active. Required.

--severity (string)

Alert severity. Required.

Allowable values are: info_or_unspecified, warning, critical, error.

--condition (AlertsV2AlertCondition)

Alert condition. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition=@path/to/file.json.

--notification-groups (AlertsV2AlertNotificationGroups[])

Alert notification groups. Required.

The maximum length is 10 items. The minimum length is 1 item.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --notification-groups=@path/to/file.json.

--filters (AlertsV1AlertFilters)

Alert filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters=@path/to/file.json.

--description (string)

Alert description.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--expiration (AlertsV1Date)

Alert expiration date. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --expiration=@path/to/file.json.

--active-when (AlertsV1AlertActiveWhen)

When the alert should be active. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --active-when=@path/to/file.json.

--notification-payload-filters ([]string)

JSON keys to include in the alert notification. If left empty, the full log text is included in the alert notification.

The list items must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/. The maximum length is 100 items. The minimum length is 0 items.

--meta-labels (AlertsV1MetaLabel[])

The Meta labels to add to the alert.

The maximum length is 200 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --meta-labels=@path/to/file.json.

--meta-labels-strings ([]string)

The Meta labels to add to the alert, as strings with a ':' separator.

The list items must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/. The maximum length is 4096 items. The minimum length is 0 items.

--incident-settings (AlertsV2AlertIncidentSettings)

Incident settings. The incident is created based on this configuration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --incident-settings=@path/to/file.json.

--condition-immediate (AlertsV2ImmediateConditionEmpty)

Condition for immediate standard alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-immediate=@path/to/file.json.

--condition-less-than (AlertsV2LessThanCondition)

Condition for less than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-less-than=@path/to/file.json.

--condition-more-than (AlertsV2MoreThanCondition)

Condition for more than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-more-than=@path/to/file.json.

--condition-more-than-usual (AlertsV2MoreThanUsualCondition)

Condition for more than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-more-than-usual=@path/to/file.json.

--condition-new-value (AlertsV2NewValueCondition)

Condition for new value alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-new-value=@path/to/file.json.

--condition-flow (AlertsV2FlowCondition)

Condition for flow alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-flow=@path/to/file.json.

--condition-unique-count (AlertsV2UniqueCountCondition)

Condition for unique count alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-unique-count=@path/to/file.json.

--condition-less-than-usual (AlertsV2LessThanUsualCondition)

Condition for less than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-less-than-usual=@path/to/file.json.

--filters-severities ([]string)

The severity of the logs to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

Allowable list items are: debug_or_unspecified, verbose, info, warning, error, critical. The maximum length is 4096 items. The minimum length is 0 items.

--filters-metadata (AlertsV1AlertFiltersMetadataFilters)

The metadata filters. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters-metadata=@path/to/file.json.

--filters-alias (string)

The alias of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--filters-text (string)

The text to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--filters-ratio-alerts (AlertsV1AlertFiltersRatioAlert[])

The ratio alerts. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters-ratio-alerts=@path/to/file.json.

--filters-filter-type (string)

The type of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

Allowable values are: text_or_unspecified, template, ratio, unique_count, time_relative, metric, flow.

--expiration-year (int64)

Year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.

--expiration-month (int64)

Month of the year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.

--expiration-day (int64)

Day of the month. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.

--active-when-timeframes (AlertsV1AlertActiveTimeframe[])

Activity timeframes of the alert. This option provides a value for a sub-field of the JSON option 'active-when'. It is mutually exclusive with that option.

The maximum length is 30 items. The minimum length is 1 item.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --active-when-timeframes=@path/to/file.json.

--incident-settings-retriggering-period-seconds (int64)

The retriggering period of the alert in seconds. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.

The maximum value is 4294967295. The minimum value is 0.

--incident-settings-notify-on (string)

Notify on setting. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.

Allowable values are: triggered_only, triggered_and_resolved.

--incident-settings-use-as-notification-settings (bool)

Use these settings for all notification webhooks. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.

Examples

ibmcloud cloud-logs alert-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --name 'Test alert' \
    --is-active true \
    --severity info_or_unspecified \
    --condition '{"more_than": {"parameters": {"threshold": 1, "timeframe": "timeframe_10_min", "group_by": ["coralogix.metadata.applicationName"], "metric_alert_parameters": {"metric_field": "cpu_usage", "metric_source": "prometheus", "arithmetic_operator": "percentile", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "metric_alert_promql_parameters": {"promql_text": "sum(rate(container_cpu_usage_seconds_total{container_name=\"my-container\"}[5m])) by (pod_name)", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "ignore_infinity": true, "relative_timeframe": "hour_or_unspecified", "cardinality_fields": [], "related_extended_data": {"cleanup_deadman_duration": "cleanup_deadman_duration_24h", "should_trigger_deadman": true}}, "evaluation_window": "rolling_or_unspecified"}}' \
    --notification-groups '[{"group_by_fields": ["coralogix.metadata.applicationName"], "notifications": [{"retriggering_period_seconds": 60, "notify_on": "triggered_and_resolved", "integration_id": 123}]}]' \
    --filters '{"severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "metadata": {"applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"]}, "alias": "monitorQuery", "text": "initiator.id.keyword:iam-ServiceId-10820fd6-c3fe-414e-8fd5-44ce95f7d34d AND action.keyword:cloud-object-storage.object.create", "ratio_alerts": [{"alias": "TopLevelAlert", "text": "_exists_:\"container_name\"", "severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"], "group_by": ["Host","Thread"]}], "filter_type": "text_or_unspecified"}' \
    --description 'Alert if the number of logs reaches a threshold' \
    --expiration '{"year": 2012, "month": 12, "day": 24}' \
    --active-when '{"timeframes": [{"days_of_week": ["monday_or_unspecified","tuesday","wednesday","thursday","friday","saturday","sunday"], "range": {"start": {"hours": 18, "minutes": 30, "seconds": 0}, "end": {"hours": 18, "minutes": 30, "seconds": 0}}}]}' \
    --notification-payload-filters exampleString,anotherTestString \
    --meta-labels '[{"key": "env", "value": "dev"}]' \
    --meta-labels-strings '[]' \
    --incident-settings '{"retriggering_period_seconds": 300, "notify_on": "triggered_only", "use_as_notification_settings": true}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs alert-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --name 'Test alert' \
    --is-active true \
    --severity info_or_unspecified \
    --notification-groups '[alertsV2AlertNotificationGroups]' \
    --description 'Alert if the number of logs reaches a threshold' \
    --notification-payload-filters exampleString,anotherTestString \
    --meta-labels '[alertsV1MetaLabel]' \
    --meta-labels-strings '[]' \
    --condition-more-than alertsV2MoreThanCondition \
    --filters-severities debug_or_unspecified,verbose,info,warning,error,critical \
    --filters-metadata alertsV1AlertFiltersMetadataFilters \
    --filters-alias monitorQuery \
    --filters-text '_exists_:"container_name"' \
    --filters-ratio-alerts '[alertsV1AlertFiltersRatioAlert]' \
    --filters-filter-type flow \
    --expiration-year 2012 \
    --expiration-month 12 \
    --expiration-day 24 \
    --active-when-timeframes '[alertsV1AlertActiveTimeframe]' \
    --incident-settings-retriggering-period-seconds 60 \
    --incident-settings-notify-on triggered_and_resolved \
    --incident-settings-use-as-notification-settings true
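
A pre-flight check for the options documented above, as an added example (not IBM's code and not part of the CLI). It validates --id, --severity and --incident-settings-retriggering-period-seconds against the stated constraints and reports any JSON option that is combined with its own sub-field options. The function names and the file name more_than.json are hypothetical.

```shell
#!/bin/sh
# Added example, not IBM code: checks alert-update arguments against the
# constraints documented on this page. It never calls the CLI itself.

# grep matches line by line, so a multi-line value could pass on one good
# line. Reject embedded newlines before any regex check.
single_line() {
    case "$1" in
        *'
'*) return 1 ;;
    esac
}

# --id: 36 characters, lowercase hex in UUID layout.
valid_alert_id() {
    single_line "$1" || return 1
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# --severity: the allowable values listed for alert-update.
valid_severity() {
    case "$1" in
        info_or_unspecified|warning|critical|error) return 0 ;;
    esac
    return 1
}

# --incident-settings-retriggering-period-seconds: integer 0..4294967295.
# The length check keeps oversized input away from the shell's integer test.
valid_retrigger_seconds() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 10 ] && [ "$1" -le 4294967295 ]
}

# $1 is a space-separated list of flag names. Prints each JSON option that
# appears together with one of its own sub-field options; fails if any do.
exclusive_conflicts() {
    conflicts=''
    for group in condition filters expiration active-when incident-settings; do
        case " $1 " in
            *" --$group "*) ;;
            *) continue ;;
        esac
        case " $1 " in
            *" --$group-"*) conflicts="$conflicts $group" ;;
        esac
    done
    printf '%s' "${conflicts# }"
    [ -z "$conflicts" ]
}

# Walks "--flag value" and "--flag=value" pairs, applies the checks above,
# reports problems on stderr and returns non-zero if any were found.
preflight_alert_update() {
    bad=0 seen=''
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --*=*) flag=${1%%=*} value=${1#*=}; shift ;;
            --*)   flag=$1 value=${2-}; shift; [ "$#" -eq 0 ] || shift ;;
            *)     echo "unexpected argument: $1" >&2; bad=1; shift; continue ;;
        esac
        seen="$seen $flag"
        case "$flag" in
            --id) valid_alert_id "$value" || { echo "bad --id" >&2; bad=1; } ;;
            --severity) valid_severity "$value" || { echo "bad --severity" >&2; bad=1; } ;;
            --incident-settings-retriggering-period-seconds)
                valid_retrigger_seconds "$value" || { echo "bad retriggering period" >&2; bad=1; } ;;
        esac
    done
    clash=$(exclusive_conflicts "$seen") || {
        echo "JSON option combined with its sub-field options: $clash" >&2
        bad=1
    }
    return "$bad"
}

# Demo with values from the examples above; @more_than.json is a hypothetical file.
preflight_alert_update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --severity info_or_unspecified \
    --condition-more-than @more_than.json \
    --incident-settings-retriggering-period-seconds 60 \
    && echo "arguments pass the documented checks"
```

Run the same check before alert-delete as well, since a mistyped ID there cannot be corrected afterwards.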

ibmcloud cloud-logs alert-delete

Delete an alert.

ibmcloud cloud-logs alert-delete --id ID

Command options

--id (strfmt.UUID)

Alert ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs alert-delete \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs alerts

List alerts.

ibmcloud cloud-logs alerts

Example

ibmcloud cloud-logs alerts

ibmcloud cloud-logs alert-create

Create an alert.

ibmcloud cloud-logs alert-create --name NAME --is-active IS-ACTIVE --severity SEVERITY [--condition CONDITION | --condition-immediate CONDITION-IMMEDIATE --condition-less-than CONDITION-LESS-THAN --condition-more-than CONDITION-MORE-THAN --condition-more-than-usual CONDITION-MORE-THAN-USUAL --condition-new-value CONDITION-NEW-VALUE --condition-flow CONDITION-FLOW --condition-unique-count CONDITION-UNIQUE-COUNT --condition-less-than-usual CONDITION-LESS-THAN-USUAL] --notification-groups NOTIFICATION-GROUPS [--filters FILTERS | --filters-severities FILTERS-SEVERITIES --filters-metadata FILTERS-METADATA --filters-alias FILTERS-ALIAS --filters-text FILTERS-TEXT --filters-ratio-alerts FILTERS-RATIO-ALERTS --filters-filter-type FILTERS-FILTER-TYPE] [--description DESCRIPTION] [--expiration EXPIRATION | --expiration-year EXPIRATION-YEAR --expiration-month EXPIRATION-MONTH --expiration-day EXPIRATION-DAY] [--active-when ACTIVE-WHEN | --active-when-timeframes ACTIVE-WHEN-TIMEFRAMES] [--notification-payload-filters NOTIFICATION-PAYLOAD-FILTERS] [--meta-labels META-LABELS] [--meta-labels-strings META-LABELS-STRINGS] [--incident-settings INCIDENT-SETTINGS | --incident-settings-retriggering-period-seconds INCIDENT-SETTINGS-RETRIGGERING-PERIOD-SECONDS --incident-settings-notify-on INCIDENT-SETTINGS-NOTIFY-ON --incident-settings-use-as-notification-settings INCIDENT-SETTINGS-USE-AS-NOTIFICATION-SETTINGS]

Command options

--name (string)

Alert name. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--is-active (bool)

Alert is active. Required.

--severity (string)

Alert severity. Required.

Allowable values are: info_or_unspecified, warning, critical, error.

--condition (AlertsV2AlertCondition)

Alert condition. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition=@path/to/file.json.

--notification-groups (AlertsV2AlertNotificationGroups[])

Alert notification groups. Required.

The maximum length is 10 items. The minimum length is 1 item.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --notification-groups=@path/to/file.json.

--filters (AlertsV1AlertFilters)

Alert filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters=@path/to/file.json.

--description (string)

Alert description.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--expiration (AlertsV1Date)

Alert expiration date. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --expiration=@path/to/file.json.

--active-when (AlertsV1AlertActiveWhen)

When the alert should be active. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --active-when=@path/to/file.json.

--notification-payload-filters ([]string)

JSON keys to include in the alert notification. If left empty, the full log text is included in the alert notification.

The list items must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/. The maximum length is 100 items. The minimum length is 0 items.

--meta-labels (AlertsV1MetaLabel[])

The Meta labels to add to the alert.

The maximum length is 200 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --meta-labels=@path/to/file.json.

--meta-labels-strings ([]string)

The Meta labels to add to the alert, as strings with a ':' separator.

The list items must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/. The maximum length is 4096 items. The minimum length is 0 items.

--incident-settings (AlertsV2AlertIncidentSettings)

Incident settings. The incident is created based on this configuration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --incident-settings=@path/to/file.json.

--condition-immediate (AlertsV2ImmediateConditionEmpty)

Condition for immediate standard alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-immediate=@path/to/file.json.

--condition-less-than (AlertsV2LessThanCondition)

Condition for less than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-less-than=@path/to/file.json.

--condition-more-than (AlertsV2MoreThanCondition)

Condition for more than alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-more-than=@path/to/file.json.

--condition-more-than-usual (AlertsV2MoreThanUsualCondition)

Condition for more than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-more-than-usual=@path/to/file.json.

--condition-new-value (AlertsV2NewValueCondition)

Condition for new value alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-new-value=@path/to/file.json.

--condition-flow (AlertsV2FlowCondition)

Condition for flow alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-flow=@path/to/file.json.

--condition-unique-count (AlertsV2UniqueCountCondition)

Condition for unique count alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-unique-count=@path/to/file.json.

--condition-less-than-usual (AlertsV2LessThanUsualCondition)

Condition for less than usual alert. This option provides a value for a sub-field of the JSON option 'condition'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --condition-less-than-usual=@path/to/file.json.

--filters-severities ([]string)

The severity of the logs to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

Allowable list items are: debug_or_unspecified, verbose, info, warning, error, critical. The maximum length is 4096 items. The minimum length is 0 items.

--filters-metadata (AlertsV1AlertFiltersMetadataFilters)

The metadata filters. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters-metadata=@path/to/file.json.

--filters-alias (string)

The alias of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--filters-text (string)

The text to filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--filters-ratio-alerts (AlertsV1AlertFiltersRatioAlert[])

The ratio alerts. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters-ratio-alerts=@path/to/file.json.

--filters-filter-type (string)

The type of the filter. This option provides a value for a sub-field of the JSON option 'filters'. It is mutually exclusive with that option.

Allowable values are: text_or_unspecified, template, ratio, unique_count, time_relative, metric, flow.

--expiration-year (int64)

Year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.

--expiration-month (int64)

Month of the year. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.

--expiration-day (int64)

Day of the month. This option provides a value for a sub-field of the JSON option 'expiration'. It is mutually exclusive with that option.

--active-when-timeframes (AlertsV1AlertActiveTimeframe[])

Activity timeframes of the alert. This option provides a value for a sub-field of the JSON option 'active-when'. It is mutually exclusive with that option.

The maximum length is 30 items. The minimum length is 1 item.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --active-when-timeframes=@path/to/file.json.

--incident-settings-retriggering-period-seconds (int64)

The retriggering period of the alert in seconds. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.

The maximum value is 4294967295. The minimum value is 0.

--incident-settings-notify-on (string)

Notify on setting. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.

Allowable values are: triggered_only, triggered_and_resolved.

--incident-settings-use-as-notification-settings (bool)

Use these settings for all notification webhooks. This option provides a value for a sub-field of the JSON option 'incident-settings'. It is mutually exclusive with that option.

Examples

ibmcloud cloud-logs alert-create \
    --name 'Test alert' \
    --is-active true \
    --severity info_or_unspecified \
    --condition '{"more_than": {"parameters": {"threshold": 1, "timeframe": "timeframe_10_min", "group_by": ["coralogix.metadata.applicationName"], "metric_alert_parameters": {"metric_field": "cpu_usage", "metric_source": "prometheus", "arithmetic_operator": "percentile", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "metric_alert_promql_parameters": {"promql_text": "sum(rate(container_cpu_usage_seconds_total{container_name=\"my-container\"}[5m])) by (pod_name)", "arithmetic_operator_modifier": 1, "sample_threshold_percentage": 100, "non_null_percentage": 100, "swap_null_values": true}, "ignore_infinity": true, "relative_timeframe": "hour_or_unspecified", "cardinality_fields": [], "related_extended_data": {"cleanup_deadman_duration": "cleanup_deadman_duration_24h", "should_trigger_deadman": true}}, "evaluation_window": "rolling_or_unspecified"}}' \
    --notification-groups '[{"group_by_fields": ["coralogix.metadata.applicationName"], "notifications": [{"retriggering_period_seconds": 60, "notify_on": "triggered_and_resolved", "integration_id": 123}]}]' \
    --filters '{"severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "metadata": {"applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"]}, "alias": "monitorQuery", "text": "initiator.id.keyword:iam-ServiceId-10820fd6-c3fe-414e-8fd5-44ce95f7d34d AND action.keyword:cloud-object-storage.object.create", "ratio_alerts": [{"alias": "TopLevelAlert", "text": "_exists_:\"container_name\"", "severities": ["debug_or_unspecified","verbose","info","warning","error","critical"], "applications": ["CpuMonitoring","WebApi"], "subsystems": ["SnapshotGenerator","PermissionControl"], "group_by": ["Host","Thread"]}], "filter_type": "text_or_unspecified"}' \
    --description 'Alert if the number of logs reaches a threshold' \
    --expiration '{"year": 2012, "month": 12, "day": 24}' \
    --active-when '{"timeframes": [{"days_of_week": ["monday_or_unspecified","tuesday","wednesday","thursday","friday","saturday","sunday"], "range": {"start": {"hours": 18, "minutes": 30, "seconds": 0}, "end": {"hours": 18, "minutes": 30, "seconds": 0}}}]}' \
    --notification-payload-filters exampleString,anotherTestString \
    --meta-labels '[{"key": "env", "value": "dev"}]' \
    --meta-labels-strings '[]' \
    --incident-settings '{"retriggering_period_seconds": 300, "notify_on": "triggered_only", "use_as_notification_settings": true}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs alert-create \
    --name 'Test alert' \
    --is-active true \
    --severity info_or_unspecified \
    --notification-groups '[alertsV2AlertNotificationGroups]' \
    --description 'Alert if the number of logs reaches a threshold' \
    --notification-payload-filters exampleString,anotherTestString \
    --meta-labels '[alertsV1MetaLabel]' \
    --meta-labels-strings '[]' \
    --condition-more-than alertsV2MoreThanCondition \
    --filters-severities debug_or_unspecified,verbose,info,warning,error,critical \
    --filters-metadata alertsV1AlertFiltersMetadataFilters \
    --filters-alias monitorQuery \
    --filters-text '_exists_:"container_name"' \
    --filters-ratio-alerts '[alertsV1AlertFiltersRatioAlert]' \
    --filters-filter-type flow \
    --expiration-year 2012 \
    --expiration-month 12 \
    --expiration-day 24 \
    --active-when-timeframes '[alertsV1AlertActiveTimeframe]' \
    --incident-settings-retriggering-period-seconds 60 \
    --incident-settings-notify-on triggered_and_resolved \
    --incident-settings-use-as-notification-settings true

Rules

Create and manage parsing rules.

ibmcloud cloud-logs rule-group

Gets a rule group by group ID.

ibmcloud cloud-logs rule-group --id ID

Command options

--id (strfmt.UUID)

The group ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs rule-group \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs rule-group-update

Updates a rule group by group ID.

ibmcloud cloud-logs rule-group-update --id ID --name NAME --rule-subgroups RULE-SUBGROUPS [--description DESCRIPTION] [--enabled ENABLED] [--rule-matchers RULE-MATCHERS] [--order ORDER]

Command options

--id (strfmt.UUID)

The group ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--name (string)

The name of the rule group. Required.

The maximum length is 255 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--rule-subgroups (RulesV1CreateRuleGroupRequestCreateRuleSubgroup[])

Rule subgroups. The first rule subgroup is tried first; if it does not match, the next one is tried, in order. Required.

The maximum length is 4096 items. The minimum length is 1 item.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --rule-subgroups=@path/to/file.json.

--description (string)

A description for the rule group. It should explain the purpose of the rule group.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--enabled (bool)

Whether or not the rule is enabled.

--rule-matchers (RulesV1RuleMatcher[])

Optional rule matchers. When they match, the rule group is applied.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --rule-matchers=@path/to/file.json.

--order (int64)

The order in which the rule group is evaluated. A lower order gives the group higher priority. If no order is provided, the group is created with the last order.

The maximum value is 4294967295. The minimum value is 0.

Example

ibmcloud cloud-logs rule-group-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --name mysql-extractrule \
    --rule-subgroups '[{"rules": [{"name": "mysql-parse", "description": "mysql-parse", "source_field": "text", "parameters": {"parse_parameters": {"destination_field": "text", "rule": "(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),(?P<operation>[^,]+),(?P<database>[^,]+),'\''?(?P<object>.*)'\''?,(?P<returnCode>[0-9]+)"}}, "enabled": true, "order": 1}], "enabled": true, "order": 1}]' \
    --description 'mysql audit logs parser' \
    --enabled true \
    --rule-matchers '[{"subsystem_name": {"value": "mysql"}}]' \
    --order 39

ibmcloud cloud-logs rule-group-delete

Deletes a rule group by group ID.

ibmcloud cloud-logs rule-group-delete --id ID

Command options

--id (strfmt.UUID)

The group ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs rule-group-delete \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs rule-groups

Gets all rule groups.

ibmcloud cloud-logs rule-groups

Example

ibmcloud cloud-logs rule-groups

ibmcloud cloud-logs rule-group-create

Creates a rule group.

ibmcloud cloud-logs rule-group-create --name NAME --rule-subgroups RULE-SUBGROUPS [--description DESCRIPTION] [--enabled ENABLED] [--rule-matchers RULE-MATCHERS] [--order ORDER]

Command options

--name (string)

The name of the rule group. Required.

The maximum length is 255 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--rule-subgroups (RulesV1CreateRuleGroupRequestCreateRuleSubgroup[])

Rule subgroups. The first rule subgroup is tried first; if it does not match, the next one is tried, in order. Required.

The maximum length is 4096 items. The minimum length is 1 item.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --rule-subgroups=@path/to/file.json.

--description (string)

A description for the rule group. It should explain the purpose of the rule group.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--enabled (bool)

Whether or not the rule is enabled.

--rule-matchers (RulesV1RuleMatcher[])

Optional rule matchers. When they match, the rule group is applied.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --rule-matchers=@path/to/file.json.

--order (int64)

The order in which the rule group is evaluated. A lower order gives the group higher priority. If no order is provided, the group is created with the last order.

The maximum value is 4294967295. The minimum value is 0.

Example

ibmcloud cloud-logs rule-group-create \
    --name mysql-extractrule \
    --rule-subgroups '[{"rules": [{"name": "mysql-parse", "description": "mysql-parse", "source_field": "text", "parameters": {"parse_parameters": {"destination_field": "text", "rule": "(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),(?P<operation>[^,]+),(?P<database>[^,]+),'\''?(?P<object>.*)'\''?,(?P<returnCode>[0-9]+)"}}, "enabled": true, "order": 1}], "enabled": true, "order": 1}]' \
    --description 'mysql audit logs parser' \
    --enabled true \
    --rule-matchers '[{"subsystem_name": {"value": "mysql"}}]' \
    --order 39
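
The following is an added example, not IBM's code: it checks the parsing rule from the rule-group-create example above against constructed audit lines before the rule is deployed, and serializes the --rule-subgroups value for the @file form so that the regex needs no shell quoting. Python's re module stands in for the service's regex engine, which may behave differently; TIGHTER_RULE, the sample lines and the file name rule-subgroups.json are assumptions.

```python
import json
import re

# Fields up to and including <database>, copied from the page's parse rule.
RULE_HEAD = (
    r"(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),"
    r"(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),"
    r"(?P<operation>[^,]+),(?P<database>[^,]+),"
)
# Tail of the page's rule; the optional quote around <object> is a plain ' here.
MYSQL_AUDIT_RULE = RULE_HEAD + r"'?(?P<object>.*)'?,(?P<returnCode>[0-9]+)"
# Hypothetical variant (not from the page): lazy <object> plus an end anchor.
TIGHTER_RULE = RULE_HEAD + r"'?(?P<object>.*?)'?,(?P<returnCode>[0-9]+)$"

# Constructed sample lines, not real audit data.
SAMPLE_QUERY = ("20240101 12:00:00,db01,appuser,10.0.0.5,42,1001,QUERY,shop,"
                "'SELECT a,1 FROM orders',0")
SAMPLE_CONNECT = "20240101 12:00:01,db01,appuser,10.0.0.5,43,0,CONNECT,shop,,1045"
SAMPLE_EMPTY_DB = "20240101 12:00:02,db01,appuser,10.0.0.5,44,0,CONNECT,,,0"
SAMPLE_TRUNCATED = "20240101 12:00:03,db01,appuser,10.0.0.5,45"


def parse(line, rule=MYSQL_AUDIT_RULE):
    """Return the named groups as a dict, or None when the rule does not match.

    re.search is an assumption about how the service applies a parse rule.
    """
    match = re.search(rule, line)
    return match.groupdict() if match else None


def build_rule_subgroups(rule):
    """Serialize the --rule-subgroups value from the page's example.

    json.dumps escapes quotes and backslashes in the regex, so the result can
    be written to a file and passed as --rule-subgroups=@file without any
    shell quoting of the pattern.
    """
    subgroups = [{
        "rules": [{
            "name": "mysql-parse",
            "description": "mysql-parse",
            "source_field": "text",
            "parameters": {
                "parse_parameters": {"destination_field": "text", "rule": rule}
            },
            "enabled": True,
            "order": 1,
        }],
        "enabled": True,
        "order": 1,
    }]
    return json.dumps(subgroups, indent=2)


if __name__ == "__main__":
    samples = {
        "query": SAMPLE_QUERY,          # commas inside the quoted statement
        "connect": SAMPLE_CONNECT,      # empty object, non-zero return code
        "empty database": SAMPLE_EMPTY_DB,  # [^,]+ rejects the empty field
        "truncated": SAMPLE_TRUNCATED,  # too few fields
    }
    for label, line in samples.items():
        fields = parse(line)
        if fields is None:
            # Unparsed lines carry no returnCode or username field, so alerts
            # keyed on those fields will not see them.
            print(f"{label}: NO MATCH")
        else:
            print(f"{label}: object={fields['object']!r} "
                  f"returnCode={fields['returnCode']}")

    # Greedy .* keeps the closing quote in <object>; the lazy variant drops it.
    print("page rule   :", parse(SAMPLE_QUERY)["object"])
    print("tighter rule:", parse(SAMPLE_QUERY, TIGHTER_RULE)["object"])

    with open("rule-subgroups.json", "w", encoding="utf-8") as handle:
        handle.write(build_rule_subgroups(MYSQL_AUDIT_RULE))
    print("ibmcloud cloud-logs rule-group-create --name mysql-extractrule "
          "--rule-subgroups=@rule-subgroups.json")
```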

Outbound Integrations

Create and manage your Outbound integrations so that you can receive alerts.

ibmcloud cloud-logs outgoing-webhooks

List Outbound Integrations.

ibmcloud cloud-logs outgoing-webhooks [--type TYPE]

Command options

--type (string)

The type of the deployed Outbound Integrations to list.

Allowable values are: ibm_event_notifications.

Example

ibmcloud cloud-logs outgoing-webhooks \
    --type ibm_event_notifications

ibmcloud cloud-logs outgoing-webhook-create

Create an Outbound Integration.

ibmcloud cloud-logs outgoing-webhook-create [--prototype PROTOTYPE | --type TYPE --name NAME --url URL --ibm-event-notifications IBM-EVENT-NOTIFICATIONS]

Command options

--prototype (OutgoingWebhookPrototype)

The input data of the Outbound Integration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --prototype=@path/to/file.json.

--type (string)

The type of the Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Allowable values are: ibm_event_notifications.

--name (string)

The name of the Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--url (string)

The URL of the Outbound Integration. Null for IBM Event Notifications integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--ibm-event-notifications (OutgoingWebhooksV1IbmEventNotificationsConfig)

The configuration of the IBM Event Notifications Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --ibm-event-notifications=@path/to/file.json.

Examples

ibmcloud cloud-logs outgoing-webhook-create \
    --prototype '{"type": "ibm_event_notifications", "name": "Event Notifications Integration", "url": "https://example.com", "ibm_event_notifications": {"event_notifications_instance_id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673", "region_id": "eu-es", "source_id": "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::", "source_name": "IBM Cloud Event Notifications"}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs outgoing-webhook-create \
    --type ibm_event_notifications \
    --name 'Event Notifications Integration' \
    --url https://example.com \
    --ibm-event-notifications outgoingWebhooksV1IbmEventNotificationsConfig

ibmcloud cloud-logs outgoing-webhook

Gets an Outbound Integration by ID.

ibmcloud cloud-logs outgoing-webhook --id ID

Command options

--id (strfmt.UUID)

The ID of the Outbound Integration to get. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs outgoing-webhook \
    --id 585bea36-bdd1-4bfb-9a26-51f1f8a12660

ibmcloud cloud-logs outgoing-webhook-update

Update an Outbound Integration.

ibmcloud cloud-logs outgoing-webhook-update --id ID [--prototype PROTOTYPE | --type TYPE --name NAME --url URL --ibm-event-notifications IBM-EVENT-NOTIFICATIONS]

Command options

--id (strfmt.UUID)

The ID of the Outbound Integration to update. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--prototype (OutgoingWebhookPrototype)

The input data of the Outbound Integration. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --prototype=@path/to/file.json.

--type (string)

The type of the Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Allowable values are: ibm_event_notifications.

--name (string)

The name of the Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--url (string)

The URL of the Outbound Integration. Null for IBM Event Notifications integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--ibm-event-notifications (OutgoingWebhooksV1IbmEventNotificationsConfig)

The configuration of the IBM Event Notifications Outbound Integration. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --ibm-event-notifications=@path/to/file.json.

Examples

ibmcloud cloud-logs outgoing-webhook-update \
    --id 585bea36-bdd1-4bfb-9a26-51f1f8a12660 \
    --prototype '{"type": "ibm_event_notifications", "name": "Event Notifications Integration", "url": "https://example.com", "ibm_event_notifications": {"event_notifications_instance_id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673", "region_id": "eu-es", "source_id": "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::", "source_name": "IBM Cloud Event Notifications"}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs outgoing-webhook-update \
    --id 585bea36-bdd1-4bfb-9a26-51f1f8a12660 \
    --type ibm_event_notifications \
    --name 'Event Notifications Integration' \
    --url https://example.com \
    --ibm-event-notifications outgoingWebhooksV1IbmEventNotificationsConfig

ibmcloud cloud-logs outgoing-webhook-delete

Delete an Outbound Integration.

ibmcloud cloud-logs outgoing-webhook-delete --id ID

Command options

--id (strfmt.UUID)

The ID of the Outbound Integration to delete. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs outgoing-webhook-delete \
    --id 585bea36-bdd1-4bfb-9a26-51f1f8a12660

Policies

Create and manage TCO policies.

ibmcloud cloud-logs policy

Gets a policy by ID.

ibmcloud cloud-logs policy --id ID

Command options

--id (strfmt.UUID)

ID of policy. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs policy \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs policy-update

Updates an existing policy.

ibmcloud cloud-logs policy-update --id ID [--prototype PROTOTYPE | --name NAME --description DESCRIPTION --priority PRIORITY --application-rule APPLICATION-RULE --subsystem-rule SUBSYSTEM-RULE --archive-retention ARCHIVE-RETENTION --log-rules LOG-RULES]

Command options

--id (strfmt.UUID)

ID of policy. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--prototype (PolicyPrototype)

Create policy request. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --prototype=@path/to/file.json.

--name (string)

Policy name. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--description (string)

Policy description. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--priority (string)

The data pipeline that sources matching the policy rules will go through. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Allowable values are: type_unspecified, type_block, type_low, type_medium, type_high.

--application-rule (QuotaV1Rule)

Rule for matching with application. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --application-rule=@path/to/file.json.

--subsystem-rule (QuotaV1Rule)

Rule for matching with subsystem. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --subsystem-rule=@path/to/file.json.

--archive-retention (QuotaV1ArchiveRetention)

Archive retention definition. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --archive-retention=@path/to/file.json.

--log-rules (QuotaV1LogRules)

Log rules. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --log-rules=@path/to/file.json.

Examples

ibmcloud cloud-logs policy-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --prototype '{"name": "Med_policy", "description": "Medium policy", "priority": "type_high", "application_rule": {"rule_type_id": "is", "name": "test"}, "subsystem_rule": {"rule_type_id": "is", "name": "test"}, "archive_retention": {"id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673"}, "log_rules": {"severities": ["unspecified","debug","verbose","info","warning","error","critical"]}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs policy-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --name 'My Policy' \
    --description 'My Policy Description' \
    --priority type_high \
    --application-rule quotaV1Rule \
    --subsystem-rule quotaV1Rule \
    --archive-retention quotaV1ArchiveRetention \
    --log-rules quotaV1LogRules

ibmcloud cloud-logs policy-delete

Deletes an existing policy.

ibmcloud cloud-logs policy-delete --id ID

Command options

--id (strfmt.UUID)

ID of policy. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs policy-delete \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs policies

Gets policies.

ibmcloud cloud-logs policies [--enabled-only ENABLED-ONLY] [--source-type SOURCE-TYPE]

Command options

--enabled-only (bool)

Optionally filter only enabled policies.

--source-type (string)

Source type to filter policies by.

Allowable values are: unspecified, logs.

Example

ibmcloud cloud-logs policies \
    --enabled-only true \
    --source-type logs

ibmcloud cloud-logs policy-create

Creates a new policy.

ibmcloud cloud-logs policy-create [--prototype PROTOTYPE | --name NAME --description DESCRIPTION --priority PRIORITY --application-rule APPLICATION-RULE --subsystem-rule SUBSYSTEM-RULE --archive-retention ARCHIVE-RETENTION --log-rules LOG-RULES]

Command options

--prototype (PolicyPrototype)

Create policy request. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --prototype=@path/to/file.json.

--name (string)

Policy name. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--description (string)

Policy description. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--priority (string)

The data pipeline that sources matching the policy rules will go through. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Allowable values are: type_unspecified, type_block, type_low, type_medium, type_high.

--application-rule (QuotaV1Rule)

Rule for matching with application. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --application-rule=@path/to/file.json.

--subsystem-rule (QuotaV1Rule)

Rule for matching with subsystem. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --subsystem-rule=@path/to/file.json.

--archive-retention (QuotaV1ArchiveRetention)

Archive retention definition. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --archive-retention=@path/to/file.json.

--log-rules (QuotaV1LogRules)

Log rules. This option provides a value for a sub-field of the JSON option 'prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --log-rules=@path/to/file.json.

Examples

ibmcloud cloud-logs policy-create \
    --prototype '{"name": "Med_policy", "description": "Medium Policy", "priority": "type_high", "application_rule": {"rule_type_id": "is", "name": "test"}, "subsystem_rule": {"rule_type_id": "is", "name": "test"}, "archive_retention": {"id": "9fab83da-98cb-4f18-a7ba-b6f0435c9673"}, "log_rules": {"severities": ["unspecified","debug","verbose","info","warning","error","critical"]}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs policy-create \
    --name 'My Policy' \
    --description 'My Policy Description' \
    --priority type_high \
    --application-rule quotaV1Rule \
    --subsystem-rule quotaV1Rule \
    --archive-retention quotaV1ArchiveRetention \
    --log-rules quotaV1LogRules

Events to metrics

Create and manage your events to metrics definitions.

ibmcloud cloud-logs events2metrics-list

Lists event to metrics definitions.

ibmcloud cloud-logs events2metrics-list

Aliases

events2metrics-list, e2m-list

Example

ibmcloud cloud-logs events2metrics-list

ibmcloud cloud-logs events2metrics-create

Creates event to metrics definitions.

ibmcloud cloud-logs events2metrics-create [--event2-metric-prototype EVENT2-METRIC-PROTOTYPE | --event2-metric-name EVENT2-METRIC-NAME --event2-metric-description EVENT2-METRIC-DESCRIPTION --event2-metric-permutations-limit EVENT2-METRIC-PERMUTATIONS-LIMIT --event2-metric-metric-labels EVENT2-METRIC-METRIC-LABELS --event2-metric-metric-fields EVENT2-METRIC-METRIC-FIELDS --event2-metric-type EVENT2-METRIC-TYPE --event2-metric-logs-query EVENT2-METRIC-LOGS-QUERY]

Aliases

events2metrics-create, e2m-create

Command options

--event2-metric-prototype (Event2MetricPrototype)

E2M Create message. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-prototype=@path/to/file.json.

--event2-metric-name (string)

Name of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--event2-metric-description (string)

Description of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--event2-metric-permutations-limit (int64)

The permutation limit of the E2M. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

--event2-metric-metric-labels (ApisEvents2metricsV2MetricLabel[])

E2M metric labels. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-metric-labels=@path/to/file.json.

--event2-metric-metric-fields (ApisEvents2metricsV2MetricField[])

E2M metric fields. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-metric-fields=@path/to/file.json.

--event2-metric-type (string)

E2M type. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

Allowable values are: unspecified, logs2metrics.

--event2-metric-logs-query (ApisLogs2metricsV2LogsQuery)

E2M logs query. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-logs-query=@path/to/file.json.

Examples

ibmcloud cloud-logs events2metrics-create \
    --event2-metric-prototype '{"name": "test em2", "description": "Test e2m", "permutations_limit": 1, "metric_labels": [{"target_label": "alias_label_name", "source_field": "log_obj.string_value"}], "metric_fields": [{"target_base_metric_name": "alias_field_name", "source_field": "log_obj.numeric_field", "aggregations": [{"enabled": true, "agg_type": "samples", "target_metric_name": "alias_field_name_agg_func", "samples": {"sample_type": "max"}}]}], "type": "logs2metrics", "logs_query": {"lucene": "logs", "alias": "new_query", "applicationname_filters": ["app_name"], "subsystemname_filters": ["sub_name"], "severity_filters": ["unspecified","debug","verbose","info","warning","error","critical"]}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs events2metrics-create \
    --event2-metric-name 'Service catalog latency' \
    --event2-metric-description 'avg and max the latency of catalog service' \
    --event2-metric-permutations-limit 30000 \
    --event2-metric-metric-labels '[apisEvents2metricsV2MetricLabel]' \
    --event2-metric-metric-fields '[apisEvents2metricsV2MetricField]' \
    --event2-metric-type logs2metrics \
    --event2-metric-logs-query apisLogs2metricsV2LogsQuery

ibmcloud cloud-logs events2metrics

Gets event to metrics definitions by id.

ibmcloud cloud-logs events2metrics --id ID

Aliases

events2metrics, e2m

Command options

--id (string)

ID of the E2M to get. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

Example

ibmcloud cloud-logs events2metrics \
    --id d6a3658e-78d2-47d0-9b81-b2c551f01b09

ibmcloud cloud-logs events2metrics-update

Updates event to metrics definitions.

ibmcloud cloud-logs events2metrics-update --id ID [--event2-metric-prototype EVENT2-METRIC-PROTOTYPE | --event2-metric-name EVENT2-METRIC-NAME --event2-metric-description EVENT2-METRIC-DESCRIPTION --event2-metric-permutations-limit EVENT2-METRIC-PERMUTATIONS-LIMIT --event2-metric-metric-labels EVENT2-METRIC-METRIC-LABELS --event2-metric-metric-fields EVENT2-METRIC-METRIC-FIELDS --event2-metric-type EVENT2-METRIC-TYPE --event2-metric-logs-query EVENT2-METRIC-LOGS-QUERY]

Aliases

events2metrics-update, e2m-update

Command options

--id (string)

ID of the E2M to update. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--event2-metric-prototype (Event2MetricPrototype)

E2M Create message. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-prototype=@path/to/file.json.

--event2-metric-name (string)

Name of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--event2-metric-description (string)

Description of E2M to create. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

--event2-metric-permutations-limit (int64)

The permutation limit of the E2M. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

--event2-metric-metric-labels (ApisEvents2metricsV2MetricLabel[])

E2M metric labels. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-metric-labels=@path/to/file.json.

--event2-metric-metric-fields (ApisEvents2metricsV2MetricField[])

E2M metric fields. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-metric-fields=@path/to/file.json.

--event2-metric-type (string)

E2M type. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

Allowable values are: unspecified, logs2metrics.

--event2-metric-logs-query (ApisLogs2metricsV2LogsQuery)

E2M logs query. This option provides a value for a sub-field of the JSON option 'event2-metric-prototype'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --event2-metric-logs-query=@path/to/file.json.

Examples

ibmcloud cloud-logs events2metrics-update \
    --id d6a3658e-78d2-47d0-9b81-b2c551f01b09 \
    --event2-metric-prototype '{"name": "test em2", "description": "Test e2m updated", "permutations_limit": 1, "metric_labels": [{"target_label": "alias_label_name", "source_field": "log_obj.string_value"}], "metric_fields": [{"target_base_metric_name": "alias_field_name", "source_field": "log_obj.numeric_field", "aggregations": [{"enabled": true, "agg_type": "samples", "target_metric_name": "alias_field_name_agg_func", "samples": {"sample_type": "max"}}]}], "type": "logs2metrics", "logs_query": {"lucene": "logs", "alias": "new_query", "applicationname_filters": ["app_name"], "subsystemname_filters": ["sub_name"], "severity_filters": ["unspecified","debug","verbose","info","warning","error","critical"]}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs events2metrics-update \
    --id d6a3658e-78d2-47d0-9b81-b2c551f01b09 \
    --event2-metric-name 'Service catalog latency' \
    --event2-metric-description 'avg and max the latency of catalog service' \
    --event2-metric-permutations-limit 30000 \
    --event2-metric-metric-labels '[apisEvents2metricsV2MetricLabel]' \
    --event2-metric-metric-fields '[apisEvents2metricsV2MetricField]' \
    --event2-metric-type logs2metrics \
    --event2-metric-logs-query apisLogs2metricsV2LogsQuery

ibmcloud cloud-logs events2metrics-delete

Deletes event to metrics definitions by id.

ibmcloud cloud-logs events2metrics-delete --id ID

Aliases

events2metrics-delete, e2m-delete

Command options

--id (string)

ID of e2m to be deleted. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

Example

ibmcloud cloud-logs events2metrics-delete \
    --id d6a3658e-78d2-47d0-9b81-b2c551f01b09

Views

Create and manage views.

ibmcloud cloud-logs views

Lists all company public views.

ibmcloud cloud-logs views

Example

ibmcloud cloud-logs views

ibmcloud cloud-logs view-create

Creates a new view.

ibmcloud cloud-logs view-create --name NAME [--time-selection TIME-SELECTION | --time-selection-quick-selection TIME-SELECTION-QUICK-SELECTION --time-selection-custom-selection TIME-SELECTION-CUSTOM-SELECTION] [--search-query SEARCH-QUERY ] [--filters FILTERS ] [--folder-id FOLDER-ID]

Command options

--name (string)

View name. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--time-selection (ApisViewsV1TimeSelection)

View time selection. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --time-selection=@path/to/file.json.

--search-query (ApisViewsV1SearchQuery)

View search query. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --search-query=@path/to/file.json.

--filters (ApisViewsV1SelectedFilters)

View selected filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters=@path/to/file.json.

--folder-id (strfmt.UUID)

View folder ID.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--time-selection-quick-selection (ApisViewsV1QuickTimeSelection)

Quick time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --time-selection-quick-selection=@path/to/file.json.

--time-selection-custom-selection (ApisViewsV1CustomTimeSelection)

Custom time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --time-selection-custom-selection=@path/to/file.json.

Examples

ibmcloud cloud-logs view-create \
    --name 'Logs view' \
    --time-selection '{"custom_selection": {"from_time": "2024-01-25T11:31:43.152Z", "to_time": "2024-01-25T11:37:13.238Z"}}' \
    --search-query '{"query": "logs"}' \
    --filters '{"filters": [{"name": "applicationName", "selected_values": {}}]}' \
    --folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs view-create \
    --name 'Logs view' \
    --folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673 \
    --time-selection-custom-selection apisViewsV1CustomTimeSelection \
    --search-query-query error \
    --filters-filters '[apisViewsV1Filter]'

ibmcloud cloud-logs view

Gets a view by ID.

ibmcloud cloud-logs view --id ID

Command options

--id (int64)

View ID. Required.

Example

ibmcloud cloud-logs view \
    --id 52

ibmcloud cloud-logs view-update

Replaces an existing view.

ibmcloud cloud-logs view-update --id ID --name NAME [--time-selection TIME-SELECTION | --time-selection-quick-selection TIME-SELECTION-QUICK-SELECTION --time-selection-custom-selection TIME-SELECTION-CUSTOM-SELECTION] [--search-query SEARCH-QUERY ] [--filters FILTERS ] [--folder-id FOLDER-ID]

Command options

--id (int64)

View ID. Required.

--name (string)

View name. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--time-selection (ApisViewsV1TimeSelection)

View time selection. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --time-selection=@path/to/file.json.

--search-query (ApisViewsV1SearchQuery)

View search query. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --search-query=@path/to/file.json.

--filters (ApisViewsV1SelectedFilters)

View selected filters. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters=@path/to/file.json.

--folder-id (strfmt.UUID)

View folder ID.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--time-selection-quick-selection (ApisViewsV1QuickTimeSelection)

Quick time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --time-selection-quick-selection=@path/to/file.json.

--time-selection-custom-selection (ApisViewsV1CustomTimeSelection)

Custom time selection. This option provides a value for a sub-field of the JSON option 'time-selection'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --time-selection-custom-selection=@path/to/file.json.

Examples

ibmcloud cloud-logs view-update \
    --id 52 \
    --name 'Logs view' \
    --time-selection '{"custom_selection": {"from_time": "2024-01-25T11:31:43.152Z", "to_time": "2024-01-25T11:37:13.238Z"}}' \
    --search-query '{"query": "logs new"}' \
    --filters '{"filters": [{"name": "applicationName", "selected_values": {}}]}' \
    --folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs view-update \
    --id 52 \
    --name 'Logs view' \
    --folder-id 9fab83da-98cb-4f18-a7ba-b6f0435c9673 \
    --time-selection-custom-selection apisViewsV1CustomTimeSelection \
    --search-query-query error \
    --filters-filters '[apisViewsV1Filter]'

ibmcloud cloud-logs view-delete

Deletes a view by ID.

ibmcloud cloud-logs view-delete --id ID

Command options

--id (int64)

View ID. Required.

Example

ibmcloud cloud-logs view-delete \
    --id 52

Folders for views

Create and manage view folders.

ibmcloud cloud-logs view-folders

Lists the view folders.

ibmcloud cloud-logs view-folders

Example

ibmcloud cloud-logs view-folders

ibmcloud cloud-logs view-folder-create

Create view folder.

ibmcloud cloud-logs view-folder-create --name NAME

Command options

--name (string)

View folder name. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

Example

ibmcloud cloud-logs view-folder-create \
    --name 'My Folder'

ibmcloud cloud-logs view-folder

Get view folder.

ibmcloud cloud-logs view-folder --id ID

Command options

--id (strfmt.UUID)

Folder ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs view-folder \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

ibmcloud cloud-logs view-folder-update

Replaces an existing view folder.

ibmcloud cloud-logs view-folder-update --id ID --name NAME

Command options

--id (strfmt.UUID)

Folder ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--name (string)

View folder name. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

Example

ibmcloud cloud-logs view-folder-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --name 'My Folder'

ibmcloud cloud-logs view-folder-delete

Deletes a view folder by ID.

ibmcloud cloud-logs view-folder-delete --id ID

Command options

--id (strfmt.UUID)

Folder ID. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs view-folder-delete \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f

Data access rules

Create and manage Data Access Rules.

ibmcloud cloud-logs data-access-rules

List service instance's Data Access Rules with provided ids.

ibmcloud cloud-logs data-access-rules [--id ID]

Command options

--id ([]strfmt.UUID)

Array of data access rule IDs.

The list items must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/. The maximum length is 4096 items. The minimum length is 0 items.

Example

ibmcloud cloud-logs data-access-rules \
    --id 4f966911-4bda-407e-b069-477394effa59

ibmcloud cloud-logs data-access-rule-create

Create a Data Access Rule.

ibmcloud cloud-logs data-access-rule-create --display-name DISPLAY-NAME --filters FILTERS --default-expression DEFAULT-EXPRESSION [--description DESCRIPTION]

Command options

--display-name (string)

Display Name for new Data Access Rule. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--filters (DataAccessRuleFilter[])

Filters for new Data Access Rule. Required.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters=@path/to/file.json.

--default-expression (string)

Default Expression for new Data Access Rule. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|'<> ]+$/.

--description (string)

Description for new Data Access Rule.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

Example

ibmcloud cloud-logs data-access-rule-create \
    --display-name 'Test Data Access Rule' \
    --filters '[{"entity_type": "logs", "expression": "<v1> foo == '\''bar'\''"}]' \
    --default-expression '<v1>true' \
    --description 'Data Access Rule intended for testing'

ibmcloud cloud-logs data-access-rule-update

Update a Data Access Rule.

ibmcloud cloud-logs data-access-rule-update --id ID --display-name DISPLAY-NAME --filters FILTERS --default-expression DEFAULT-EXPRESSION [--description DESCRIPTION]

Command options

--id (strfmt.UUID)

ID of the Data Access Rule to update. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

--display-name (string)

Display Name for new Data Access Rule. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--filters (DataAccessRuleFilter[])

Filters for new Data Access Rule. Required.

The maximum length is 4096 items. The minimum length is 0 items.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --filters=@path/to/file.json.

--default-expression (string)

Default Expression for new Data Access Rule. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|'<> ]+$/.

--description (string)

Description for new Data Access Rule.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\-\\s]+$/.

Example

ibmcloud cloud-logs data-access-rule-update \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f \
    --display-name 'Test Data Access Rule' \
    --filters '[{"entity_type": "logs", "expression": "<v1> foo == '\''bar'\''"}]' \
    --default-expression '<v1>true' \
    --description 'Data Access Rule intended for testing'

ibmcloud cloud-logs data-access-rule-delete

Delete a Data Access Rule.

ibmcloud cloud-logs data-access-rule-delete --id ID

Command options

--id (strfmt.UUID)

ID of Data Access Rule to be deleted. Required.

The maximum length is 36 characters. The minimum length is 36 characters. The value must match regular expression /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/.

Example

ibmcloud cloud-logs data-access-rule-delete \
    --id 3dc02998-0b50-4ea8-b68a-4779d716fa1f
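
The following is an added example, not IBM's code: a dry-run wrapper for the data access rule commands that checks --id and --description against the patterns documented above and passes --filters in the documented @file form, so the rule expression needs no nested shell quoting. The function names and the DRY_RUN variable are hypothetical, and the doubled backslashes in the documented description pattern are assumed to be single escapes.

```shell
#!/bin/sh
# Added example (not IBM's code): dry-run wrapper for data access rule commands.
# Function names and DRY_RUN are hypothetical; only the ibmcloud subcommands,
# options and value patterns come from the reference above.

UUID_RE='^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'

# Succeeds only for a 36-character, lowercase-hex UUID (the strfmt.UUID pattern).
is_uuid() {
    [ "${#1}" -eq 36 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq "$UUID_RE"
}

# --description: 1..4096 characters from letters, digits, "_", "-", whitespace.
# Assumption: the doubled backslashes in the documented pattern are single escapes.
is_description() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 4096 ] || return 1
    ! printf '%s' "$1" | LC_ALL=C grep -q '[^A-Za-z0-9_[:space:]-]'
}

# Write a one-element DataAccessRuleFilter[] document to PATH ($1) for EXPRESSION ($2).
write_filters_file() {
    # Control characters (newlines included) cannot appear raw in a JSON string.
    [ "$(printf '%s' "$2" | LC_ALL=C tr -d '[:cntrl:]')" = "$2" ] || return 2
    # Escape backslashes first, then double quotes, for the JSON string value.
    esc=$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '[ {\n  "entity_type" : "logs",\n  "expression" : "%s"\n} ]\n' "$esc" > "$1"
}

# Print the argument vector (space-separated, not shell-quoted) unless DRY_RUN=0.
run_cli() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'ibmcloud'; printf ' %s' "$@"; printf '\n'
    else
        ibmcloud "$@"
    fi
}

# delete_rule ID: refuse anything that is not a well-formed rule ID.
delete_rule() {
    is_uuid "$1" || { printf '%s\n' "refusing to delete: '$1' is not a valid rule ID" >&2; return 2; }
    run_cli cloud-logs data-access-rule-delete --id "$1"
}

# create_rule DISPLAY_NAME EXPRESSION DEFAULT_EXPRESSION DESCRIPTION
create_rule() {
    is_description "$4" || { printf '%s\n' "invalid --description" >&2; return 2; }
    f=$(mktemp) || return 1   # mktemp creates the file readable by the owner only
    if write_filters_file "$f" "$2"; then
        run_cli cloud-logs data-access-rule-create --display-name "$1" \
            --filters "@$f" --default-expression "$3" --description "$4" && rc=0 || rc=$?
    else
        rc=2
    fi
    rm -f "$f"
    return "$rc"
}

# Dry-run demo with the rule ID used in the examples above.
delete_rule 3dc02998-0b50-4ea8-b68a-4779d716fa1f
```

Set DRY_RUN=0 to run the commands instead of printing them.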

Enrichments

Create and manage enrichments.

ibmcloud cloud-logs enrichments

List all enrichments.

ibmcloud cloud-logs enrichments

Example

ibmcloud cloud-logs enrichments

ibmcloud cloud-logs enrichment-create

Create an enrichment.

ibmcloud cloud-logs enrichment-create --field-name FIELD-NAME [--enrichment-type ENRICHMENT-TYPE | --enrichment-type-geo-ip ENRICHMENT-TYPE-GEO-IP --enrichment-type-suspicious-ip ENRICHMENT-TYPE-SUSPICIOUS-IP --enrichment-type-custom-enrichment ENRICHMENT-TYPE-CUSTOM-ENRICHMENT]

Command options

--field-name (string)

The name of the field to enrich. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--enrichment-type (EnrichmentV1EnrichmentType)

The enrichment type. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --enrichment-type=@path/to/file.json.

--enrichment-type-geo-ip (EnrichmentV1GeoIpTypeEmpty)

The geo ip enrichment. This option provides a value for a sub-field of the JSON option 'enrichment-type'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --enrichment-type-geo-ip=@path/to/file.json.

--enrichment-type-suspicious-ip (EnrichmentV1SuspiciousIpTypeEmpty)

The suspicious ip enrichment. This option provides a value for a sub-field of the JSON option 'enrichment-type'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --enrichment-type-suspicious-ip=@path/to/file.json.

--enrichment-type-custom-enrichment (EnrichmentV1CustomEnrichmentType)

The custom enrichment. This option provides a value for a sub-field of the JSON option 'enrichment-type'. It is mutually exclusive with that option.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --enrichment-type-custom-enrichment=@path/to/file.json.

Examples

ibmcloud cloud-logs enrichment-create \
    --field-name ip \
    --enrichment-type '{"geo_ip": {}}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs enrichment-create \
    --field-name ip \
    --enrichment-type-geo-ip enrichmentV1GeoIpTypeEmpty

ibmcloud cloud-logs enrichment-delete

Delete enrichments.

ibmcloud cloud-logs enrichment-delete --id ID

Command options

--id (int64)

The enrichment ID. Required.

The maximum value is 4294967295. The minimum value is 0.

Example

ibmcloud cloud-logs enrichment-delete \
    --id 1

Data usage metrics

Data usage service.

ibmcloud cloud-logs data-usage-metrics-export-status

Get data usage metrics export status.

ibmcloud cloud-logs data-usage-metrics-export-status

Example

ibmcloud cloud-logs data-usage-metrics-export-status

ibmcloud cloud-logs data-usage-metrics-export-status-update

Update data usage metrics export status.

ibmcloud cloud-logs data-usage-metrics-export-status-update --enabled ENABLED

Command options

--enabled (bool)

The "enabled" parameter for metrics export. Required.

Example

ibmcloud cloud-logs data-usage-metrics-export-status-update \
    --enabled true

QueryService

Query and process your logs.

ibmcloud cloud-logs query

Run a query to search the logs.

ibmcloud cloud-logs query --query DATAPRIME_OR_LUCENE_QUERY [--metadata METADATA | --start-date START-DATE --end-date END-DATE --default-source DEFAULT-SOURCE --tier TIER --syntax SYNTAX --limit LIMIT --strict-fields-validation STRICT-FIELDS-VALIDATION] [--since SINCE] [--local-time LOCAL-TIME]

Command options

--query (string)

The query for which you are seeking results. Required.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--metadata (ApisDataprimeV1Metadata)

Configuration for query execution. This JSON option can instead be provided by setting individual fields with other options. It is mutually exclusive with those options.

Provide a JSON string option or specify a JSON file to read from by providing a filepath option that begins with a @, e.g. --metadata=@path/to/file.json.

--start-date (strfmt.DateTime)

Beginning of the time range for the query. Default: end - 15 min or current time - 15 min if end is not defined. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

--end-date (strfmt.DateTime)

End of the time range for the query. Default: start + 15 min or current time if start is not defined. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

--default-source (string)

Default value for the source to be used when the source is omitted in a query. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

The maximum length is 4096 characters. The minimum length is 1 character. The value must match regular expression /^[A-Za-z0-9_\\.,\\-"{}()\\[\\]=!:#\/$|' ]+$/.

--tier (string)

Tier on which the query runs. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

Allowable values are: unspecified, archive, frequent_search.

--syntax (string)

The syntax in which the query is written. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

Allowable values are: unspecified, lucene, dataprime.

--limit (int64)

Limit the number of results. Default: 2000; max for TIER_FREQUENT_SEARCH: 12000; max for TIER_ARCHIVE: 50000. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

--strict-fields-validation (bool)

Prohibit the use of unknown fields, i.e., those not detected in the ingested data. Default: false. This option provides a value for a sub-field of the JSON option 'metadata'. It is mutually exclusive with that option.

--since (duration)

Query lookback window. Default 1h. Using this flag overrides metadata-start-date and metadata-end-date.

--local-time (bool)

Converts the timestamp of the logs to local time.

Examples

ibmcloud cloud-logs query \
    --query 'source logs | filter $d.apiVersion == 42' \
    --metadata '{"start_date": "2021-01-01T00:00:00.000Z", "end_date": "2021-01-01T00:00:00.000Z", "default_source": "logs", "tier": "frequent_search", "syntax": "dataprime", "limit": 2000, "strict_fields_validation": true}'

Alternatively, granular options are available for the sub-fields of JSON string options:

ibmcloud cloud-logs query \
    --query 'source logs | filter $d.apiVersion == 42' \
    --start-date 2021-01-01T00:00:00.000Z \
    --end-date 2021-01-01T00:00:00.000Z \
    --default-source logs \
    --tier frequent_search \
    --syntax dataprime \
    --limit 2000 \
    --strict-fields-validation true

Schema examples

The following schema examples represent the data that you need to specify for a command option. These examples model the data structure and include placeholder values for the expected value type. When you run a command, replace these values with the values that apply to your environment as appropriate.

AlertsV1AlertActiveWhen

The following example shows the format of the AlertsV1AlertActiveWhen object.


{
  "timeframes" : [ {
    "days_of_week" : [ "monday_or_unspecified", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday" ],
    "range" : {
      "start" : {
        "hours" : 18,
        "minutes" : 30,
        "seconds" : 0
      },
      "end" : {
        "hours" : 18,
        "minutes" : 30,
        "seconds" : 0
      }
    }
  } ]
}

AlertsV1AlertFilters

The following example shows the format of the AlertsV1AlertFilters object.


{
  "severities" : [ "debug_or_unspecified", "verbose", "info", "warning", "error", "critical" ],
  "metadata" : {
    "applications" : [ "CpuMonitoring", "WebApi" ],
    "subsystems" : [ "SnapshotGenerator", "PermissionControl" ]
  },
  "alias" : "monitorQuery",
  "text" : "initiator.id.keyword:iam-ServiceId-10820fd6-c3fe-414e-8fd5-44ce95f7d34d AND action.keyword:cloud-object-storage.object.create",
  "ratio_alerts" : [ {
    "alias" : "TopLevelAlert",
    "text" : "_exists_:\"container_name\"",
    "severities" : [ "debug_or_unspecified", "verbose", "info", "warning", "error", "critical" ],
    "applications" : [ "CpuMonitoring", "WebApi" ],
    "subsystems" : [ "SnapshotGenerator", "PermissionControl" ],
    "group_by" : [ "Host", "Thread" ]
  } ],
  "filter_type" : "text_or_unspecified"
}

AlertsV1AlertFiltersMetadataFilters

The following example shows the format of the AlertsV1AlertFiltersMetadataFilters object.


{
  "applications" : [ "CpuMonitoring", "WebApi" ],
  "subsystems" : [ "SnapshotGenerator", "PermissionControl" ]
}

AlertsV1Date

The following example shows the format of the AlertsV1Date object.


{
  "year" : 2012,
  "month" : 12,
  "day" : 24
}

AlertsV1MetaLabel[]

The following example shows the format of the AlertsV1MetaLabel[] object.


[ {
  "key" : "env",
  "value" : "dev"
} ]

AlertsV2AlertCondition

The following example shows the format of the AlertsV2AlertCondition object.


{
  "more_than" : {
    "parameters" : {
      "threshold" : 1,
      "timeframe" : "timeframe_10_min",
      "group_by" : [ "coralogix.metadata.applicationName" ],
      "metric_alert_parameters" : {
        "metric_field" : "cpu_usage",
        "metric_source" : "prometheus",
        "arithmetic_operator" : "percentile",
        "arithmetic_operator_modifier" : 1,
        "sample_threshold_percentage" : 100,
        "non_null_percentage" : 100,
        "swap_null_values" : true
      },
      "metric_alert_promql_parameters" : {
        "promql_text" : "sum(rate(container_cpu_usage_seconds_total{container_name=\"my-container\"}[5m])) by (pod_name)",
        "arithmetic_operator_modifier" : 1,
        "sample_threshold_percentage" : 100,
        "non_null_percentage" : 100,
        "swap_null_values" : true
      },
      "ignore_infinity" : true,
      "relative_timeframe" : "hour_or_unspecified",
      "cardinality_fields" : [ ],
      "related_extended_data" : {
        "cleanup_deadman_duration" : "cleanup_deadman_duration_24h",
        "should_trigger_deadman" : true
      }
    },
    "evaluation_window" : "rolling_or_unspecified"
  }
}

AlertsV2AlertIncidentSettings

The following example shows the format of the AlertsV2AlertIncidentSettings object.


{
  "retriggering_period_seconds" : 300,
  "notify_on" : "triggered_only",
  "use_as_notification_settings" : true
}

AlertsV2AlertNotificationGroups[]

The following example shows the format of the AlertsV2AlertNotificationGroups[] object.


[ {
  "group_by_fields" : [ "coralogix.metadata.applicationName" ],
  "notifications" : [ {
    "retriggering_period_seconds" : 60,
    "notify_on" : "triggered_and_resolved",
    "integration_id" : 123
  } ]
} ]

ApisLogs2metricsV2LogsQuery

The following example shows the format of the ApisLogs2metricsV2LogsQuery object.


{
  "lucene" : "logs",
  "alias" : "new_query",
  "applicationname_filters" : [ "app_name" ],
  "subsystemname_filters" : [ "sub_name" ],
  "severity_filters" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
}

ApisViewsV1CustomTimeSelection

The following example shows the format of the ApisViewsV1CustomTimeSelection object.


{
  "from_time" : "2024-01-25T11:31:43.152Z",
  "to_time" : "2024-01-25T11:37:13.238Z"
}

ApisViewsV1SearchQuery

The following example shows the format of the ApisViewsV1SearchQuery object.


{
  "query" : "logs"
}

ApisViewsV1SelectedFilters

The following example shows the format of the ApisViewsV1SelectedFilters object.


{
  "filters" : [ {
    "name" : "applicationName",
    "selected_values" : { }
  } ]
}

ApisViewsV1TimeSelection

The following example shows the format of the ApisViewsV1TimeSelection object.


{
  "custom_selection" : {
    "from_time" : "2024-01-25T11:31:43.152Z",
    "to_time" : "2024-01-25T11:37:13.238Z"
  }
}

DataAccessRuleFilter[]

The following example shows the format of the DataAccessRuleFilter[] object.


[ {
  "entity_type" : "logs",
  "expression" : "<v1> foo == 'bar'"
} ]

EnrichmentV1EnrichmentType

The following example shows the format of the EnrichmentV1EnrichmentType object.


{
  "geo_ip" : { }
}

EnrichmentV1GeoIpTypeEmpty

The following example shows the format of the EnrichmentV1GeoIpTypeEmpty object.


{ }

Event2MetricPrototype

The following example shows the format of the Event2MetricPrototype object.


{
  "name" : "test em2",
  "description" : "Test e2m",
  "permutations_limit" : 1,
  "metric_labels" : [ {
    "target_label" : "alias_label_name",
    "source_field" : "log_obj.string_value"
  } ],
  "metric_fields" : [ {
    "target_base_metric_name" : "alias_field_name",
    "source_field" : "log_obj.numeric_field",
    "aggregations" : [ {
      "enabled" : true,
      "agg_type" : "samples",
      "target_metric_name" : "alias_field_name_agg_func",
      "samples" : {
        "sample_type" : "max"
      }
    } ]
  } ],
  "type" : "logs2metrics",
  "logs_query" : {
    "lucene" : "logs",
    "alias" : "new_query",
    "applicationname_filters" : [ "app_name" ],
    "subsystemname_filters" : [ "sub_name" ],
    "severity_filters" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
  }
}

OutgoingWebhookPrototype

The following example shows the format of the OutgoingWebhookPrototype object.


{
  "type" : "ibm_event_notifications",
  "name" : "Event Notifications Integration",
  "url" : "https://example.com",
  "ibm_event_notifications" : {
    "event_notifications_instance_id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673",
    "region_id" : "eu-es",
    "source_id" : "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::",
    "source_name" : "IBM Cloud Event Notifications"
  }
}

OutgoingWebhooksV1IbmEventNotificationsConfig

The following example shows the format of the OutgoingWebhooksV1IbmEventNotificationsConfig object.


{
  "event_notifications_instance_id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673",
  "region_id" : "eu-es",
  "source_id" : "crn:v1:staging:public:logs:eu-gb:a/223af6f4260f42ebe23e95fcddd33cb7:63a3e4be-cb73-4f52-898e-8e93484a70a5::",
  "source_name" : "IBM Cloud Event Notifications"
}

PolicyPrototype

The following example shows the format of the PolicyPrototype object.


{
  "name" : "Med_policy",
  "description" : "Medium policy",
  "priority" : "type_high",
  "application_rule" : {
    "rule_type_id" : "is",
    "name" : "test"
  },
  "subsystem_rule" : {
    "rule_type_id" : "is",
    "name" : "test"
  },
  "archive_retention" : {
    "id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673"
  },
  "log_rules" : {
    "severities" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
  }
}

QuotaV1ArchiveRetention

The following example shows the format of the QuotaV1ArchiveRetention object.


{
  "id" : "9fab83da-98cb-4f18-a7ba-b6f0435c9673"
}

QuotaV1LogRules

The following example shows the format of the QuotaV1LogRules object.


{
  "severities" : [ "unspecified", "debug", "verbose", "info", "warning", "error", "critical" ]
}

QuotaV1Rule

The following example shows the format of the QuotaV1Rule object.


{
  "rule_type_id" : "is",
  "name" : "test"
}

RulesV1CreateRuleGroupRequestCreateRuleSubgroup[]

The following example shows the format of the RulesV1CreateRuleGroupRequestCreateRuleSubgroup[] object.


[ {
  "rules" : [ {
    "name" : "mysql-parse",
    "description" : "mysql-parse",
    "source_field" : "text",
    "parameters" : {
      "parse_parameters" : {
        "destination_field" : "text",
        "rule" : "(?P<timestamp>[^,]+),(?P<hostname>[^,]+),(?P<username>[^,]+),(?P<ip>[^,]+),(?P<connectionId>[0-9]+),(?P<queryId>[0-9]+),(?P<operation>[^,]+),(?P<database>[^,]+),'?(?P<object>.*)'?,(?P<returnCode>[0-9]+)"
      }
    },
    "enabled" : true,
    "order" : 1
  } ],
  "enabled" : true,
  "order" : 1
} ]

RulesV1RuleMatcher[]

The following example shows the format of the RulesV1RuleMatcher[] object.


[ {
  "subsystem_name" : {
    "value" : "mysql"
  }
} ]