sumologic.CseAggregationRule
Provides a Sumo Logic CSE Aggregation Rule.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
// Raises a Signal on the source IP when, within one T30M window, records
// matching objectType = "Network" carry more than five distinct
// metadata_deviceEventId values. Threshold and field names are example values;
// tune them against real record volume before relying on the rule.
const aggregationRule = new sumologic.CseAggregationRule("aggregation_rule", {
    // Rule identity and state.
    name: "Aggregation Rule Example",
    enabled: true, // the rule generates Signals
    isPrototype: false, // generated Signals are not prototype Signals

    // Which records are considered and how they are grouped.
    matchExpression: 'objectType = "Network"',
    entitySelectors: [{
        entityType: "_ip",
        expression: "srcDevice_ip",
    }],
    groupByEntity: true,
    groupByFields: ["dstDevice_hostname"],

    // Aggregation and trigger condition.
    aggregationFunctions: [{
        name: "distinct_eventid_count",
        "function": "count_distinct",
        arguments: ["metadata_deviceEventId"],
    }],
    triggerExpression: "distinct_eventid_count > 5",
    windowSize: "T30M",
    // Milliseconds (35 minutes = 2100000). Must be greater than the window
    // size and below the global 7-day limit; Signal generation is suppressed
    // for this long, so keep it as short as alert volume allows.
    suppressionWindowSize: 35 * 60 * 1000,

    // Content of the generated Signal.
    nameExpression: "Signal name",
    descriptionExpression: "Signal description",
    summaryExpression: "Signal summary",
    severityMapping: {
        type: "constant",
        "default": 5,
    },
    // MITRE ATT&CK tactic TA0009 (Collection).
    tags: ["_mitreAttackTactic:TA0009"],
});
import pulumi
import pulumi_sumologic as sumologic
# Raises a Signal on the source IP when, within one T30M window, records
# matching objectType = "Network" carry more than five distinct
# metadata_deviceEventId values. Threshold and field names are example values;
# tune them against real record volume before relying on the rule.
aggregation_rule = sumologic.CseAggregationRule(
    "aggregation_rule",
    # Rule identity and state.
    name="Aggregation Rule Example",
    enabled=True,  # the rule generates Signals
    is_prototype=False,  # generated Signals are not prototype Signals
    # Which records are considered and how they are grouped.
    match_expression='objectType = "Network"',
    entity_selectors=[{
        "entity_type": "_ip",
        "expression": "srcDevice_ip",
    }],
    group_by_entity=True,
    group_by_fields=["dstDevice_hostname"],
    # Aggregation and trigger condition.
    aggregation_functions=[{
        "name": "distinct_eventid_count",
        "function": "count_distinct",
        "arguments": ["metadata_deviceEventId"],
    }],
    trigger_expression="distinct_eventid_count > 5",
    window_size="T30M",
    # Milliseconds (35 minutes = 2100000). Must be greater than window_size and
    # below the global 7-day limit; Signal generation is suppressed for this
    # long, so keep it as short as alert volume allows.
    suppression_window_size=35 * 60 * 1000,
    # Content of the generated Signal.
    name_expression="Signal name",
    description_expression="Signal description",
    summary_expression="Signal summary",
    severity_mapping={
        "type": "constant",
        "default": 5,
    },
    # MITRE ATT&CK tactic TA0009 (Collection).
    tags=["_mitreAttackTactic:TA0009"],
)
package main
import (
"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares one CSE aggregation rule: a Signal is raised on the source IP
// when, within one T30M window, records matching objectType = "Network" carry
// more than five distinct metadata_deviceEventId values. Threshold and field
// names are example values; tune them before relying on the rule.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ruleArgs := &sumologic.CseAggregationRuleArgs{
			// Rule identity and state.
			Name:        pulumi.String("Aggregation Rule Example"),
			Enabled:     pulumi.Bool(true),  // the rule generates Signals
			IsPrototype: pulumi.Bool(false), // generated Signals are not prototype Signals

			// Which records are considered and how they are grouped.
			MatchExpression: pulumi.String("objectType = \"Network\""),
			EntitySelectors: sumologic.CseAggregationRuleEntitySelectorArray{
				&sumologic.CseAggregationRuleEntitySelectorArgs{
					EntityType: pulumi.String("_ip"),
					Expression: pulumi.String("srcDevice_ip"),
				},
			},
			GroupByEntity: pulumi.Bool(true),
			GroupByFields: pulumi.StringArray{
				pulumi.String("dstDevice_hostname"),
			},

			// Aggregation and trigger condition.
			AggregationFunctions: sumologic.CseAggregationRuleAggregationFunctionArray{
				&sumologic.CseAggregationRuleAggregationFunctionArgs{
					Name:     pulumi.String("distinct_eventid_count"),
					Function: pulumi.String("count_distinct"),
					Arguments: pulumi.StringArray{
						pulumi.String("metadata_deviceEventId"),
					},
				},
			},
			TriggerExpression: pulumi.String("distinct_eventid_count > 5"),
			WindowSize:        pulumi.String("T30M"),
			// Milliseconds (35 minutes = 2100000). Must be greater than the
			// window size and below the global 7-day limit; Signal generation
			// is suppressed for this long.
			SuppressionWindowSize: pulumi.Int(35 * 60 * 1000),

			// Content of the generated Signal.
			NameExpression:        pulumi.String("Signal name"),
			DescriptionExpression: pulumi.String("Signal description"),
			SummaryExpression:     pulumi.String("Signal summary"),
			SeverityMapping: &sumologic.CseAggregationRuleSeverityMappingArgs{
				Type:    pulumi.String("constant"),
				Default: pulumi.Int(5),
			},
			// MITRE ATT&CK tactic TA0009 (Collection).
			Tags: pulumi.StringArray{
				pulumi.String("_mitreAttackTactic:TA0009"),
			},
		}

		// The resource handle is not needed afterwards; only the error matters.
		_, err := sumologic.NewCseAggregationRule(ctx, "aggregation_rule", ruleArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;
// Declares one CSE aggregation rule: a Signal is raised on the source IP when,
// within one T30M window, records matching objectType = "Network" carry more
// than five distinct metadata_deviceEventId values. Threshold and field names
// are example values; tune them before relying on the rule.
return await Deployment.RunAsync(() =>
{
    var aggregationRule = new SumoLogic.CseAggregationRule("aggregation_rule", new SumoLogic.CseAggregationRuleArgs
    {
        // Rule identity and state.
        Name = "Aggregation Rule Example",
        Enabled = true,       // the rule generates Signals
        IsPrototype = false,  // generated Signals are not prototype Signals

        // Which records are considered and how they are grouped.
        MatchExpression = "objectType = \"Network\"",
        EntitySelectors = new[]
        {
            new SumoLogic.Inputs.CseAggregationRuleEntitySelectorArgs
            {
                EntityType = "_ip",
                Expression = "srcDevice_ip",
            },
        },
        GroupByEntity = true,
        GroupByFields = new[]
        {
            "dstDevice_hostname",
        },

        // Aggregation and trigger condition.
        AggregationFunctions = new[]
        {
            new SumoLogic.Inputs.CseAggregationRuleAggregationFunctionArgs
            {
                Name = "distinct_eventid_count",
                Function = "count_distinct",
                Arguments = new[]
                {
                    "metadata_deviceEventId",
                },
            },
        },
        TriggerExpression = "distinct_eventid_count > 5",
        WindowSize = "T30M",
        // Milliseconds (35 minutes = 2100000). Must be greater than the window
        // size and below the global 7-day limit; Signal generation is
        // suppressed for this long.
        SuppressionWindowSize = 35 * 60 * 1000,

        // Content of the generated Signal.
        NameExpression = "Signal name",
        DescriptionExpression = "Signal description",
        SummaryExpression = "Signal summary",
        SeverityMapping = new SumoLogic.Inputs.CseAggregationRuleSeverityMappingArgs
        {
            Type = "constant",
            Default = 5,
        },
        // MITRE ATT&CK tactic TA0009 (Collection).
        Tags = new[]
        {
            "_mitreAttackTactic:TA0009",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseAggregationRule;
import com.pulumi.sumologic.CseAggregationRuleArgs;
import com.pulumi.sumologic.inputs.CseAggregationRuleAggregationFunctionArgs;
import com.pulumi.sumologic.inputs.CseAggregationRuleEntitySelectorArgs;
import com.pulumi.sumologic.inputs.CseAggregationRuleSeverityMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring one CSE aggregation rule.
 *
 * <p>The rule raises a Signal on the source IP when, within one T30M window,
 * records matching {@code objectType = "Network"} carry more than five distinct
 * {@code metadata_deviceEventId} values. Threshold and field names are example
 * values; tune them before relying on the rule.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the aggregation rule resource.
     *
     * @param ctx the Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        // Counts distinct device event IDs under the name used by the trigger.
        var distinctEventIds = CseAggregationRuleAggregationFunctionArgs.builder()
            .name("distinct_eventid_count")
            .function("count_distinct")
            .arguments("metadata_deviceEventId")
            .build();

        // Signals are generated on the source IP entity.
        var sourceIp = CseAggregationRuleEntitySelectorArgs.builder()
            .entityType("_ip")
            .expression("srcDevice_ip")
            .build();

        // Every Signal gets the constant severity 5.
        var constantSeverity = CseAggregationRuleSeverityMappingArgs.builder()
            .type("constant")
            .default_(5)
            .build();

        var aggregationRule = new CseAggregationRule("aggregationRule", CseAggregationRuleArgs.builder()
            // Rule identity and state.
            .name("Aggregation Rule Example")
            .enabled(true)
            .isPrototype(false)
            // Which records are considered and how they are grouped.
            .matchExpression("objectType = \"Network\"")
            .entitySelectors(sourceIp)
            .groupByEntity(true)
            .groupByFields("dstDevice_hostname")
            // Aggregation and trigger condition.
            .aggregationFunctions(distinctEventIds)
            .triggerExpression("distinct_eventid_count > 5")
            .windowSize("T30M")
            // Milliseconds (35 minutes = 2100000). Must be greater than the
            // window size and below the global 7-day limit; Signal generation
            // is suppressed for this long.
            .suppressionWindowSize(35 * 60 * 1000)
            // Content of the generated Signal.
            .nameExpression("Signal name")
            .descriptionExpression("Signal description")
            .summaryExpression("Signal summary")
            .severityMapping(constantSeverity)
            // MITRE ATT&CK tactic TA0009 (Collection).
            .tags("_mitreAttackTactic:TA0009")
            .build());
    }
}
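# Declares one CSE aggregation rule: a Signal is raised on the source IP when,
# within one T30M window, records matching objectType = "Network" carry more
# than five distinct metadata_deviceEventId values. Threshold and field names
# are example values; tune them before relying on the rule.
resources:
  aggregationRule:
    type: sumologic:CseAggregationRule
    name: aggregation_rule
    properties:
      aggregationFunctions:
        - name: distinct_eventid_count
          function: count_distinct
          arguments:
            - metadata_deviceEventId
      descriptionExpression: Signal description
      enabled: true
      entitySelectors:
        - entityType: _ip
          expression: srcDevice_ip
      groupByEntity: true
      groupByFields:
        - dstDevice_hostname
      matchExpression: objectType = "Network"
      isPrototype: false
      name: Aggregation Rule Example
      nameExpression: Signal name
      severityMapping:
        type: constant
        default: 5
      summaryExpression: Signal summary
      tags:
        # MITRE ATT&CK tactic TA0009 (Collection).
        - _mitreAttackTactic:TA0009
      triggerExpression: distinct_eventid_count > 5
      windowSize: T30M
      # Integer number of milliseconds (35 minutes), written as a plain integer
      # rather than a float in exponent notation. Must be greater than the
      # window size and below the global 7-day limit.
      suppressionWindowSize: 2100000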
Create CseAggregationRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CseAggregationRule(name: string, args: CseAggregationRuleArgs, opts?: CustomResourceOptions);
@overload
def CseAggregationRule(resource_name: str,
args: CseAggregationRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CseAggregationRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
name_expression: Optional[str] = None,
description_expression: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseAggregationRuleEntitySelectorArgs]] = None,
window_size: Optional[str] = None,
trigger_expression: Optional[str] = None,
severity_mapping: Optional[CseAggregationRuleSeverityMappingArgs] = None,
match_expression: Optional[str] = None,
aggregation_functions: Optional[Sequence[CseAggregationRuleAggregationFunctionArgs]] = None,
name: Optional[str] = None,
is_prototype: Optional[bool] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None,
group_by_fields: Optional[Sequence[str]] = None,
group_by_entity: Optional[bool] = None,
window_size_millis: Optional[str] = None)
func NewCseAggregationRule(ctx *Context, name string, args CseAggregationRuleArgs, opts ...ResourceOption) (*CseAggregationRule, error)
public CseAggregationRule(string name, CseAggregationRuleArgs args, CustomResourceOptions? opts = null)
public CseAggregationRule(String name, CseAggregationRuleArgs args)
public CseAggregationRule(String name, CseAggregationRuleArgs args, CustomResourceOptions options)
type: sumologic:CseAggregationRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CseAggregationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CseAggregationRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CseAggregationRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CseAggregationRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CseAggregationRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every value is a type placeholder ("string", 0, false),
// not a working rule. Enabled is false here, so a rule copied as-is would not
// generate Signals. WindowSizeMillis presumably applies only when WindowSize is
// CUSTOM -- confirm against the provider documentation.
var cseAggregationRuleResource = new SumoLogic.CseAggregationRule("cseAggregationRuleResource", new()
{
    NameExpression = "string",
    DescriptionExpression = "string",
    Enabled = false,
    EntitySelectors = new[]
    {
        new SumoLogic.Inputs.CseAggregationRuleEntitySelectorArgs
        {
            EntityType = "string",
            Expression = "string",
        },
    },
    WindowSize = "string",
    TriggerExpression = "string",
    SeverityMapping = new SumoLogic.Inputs.CseAggregationRuleSeverityMappingArgs
    {
        Type = "string",
        Default = 0,
        Field = "string",
        Mappings = new[]
        {
            new SumoLogic.Inputs.CseAggregationRuleSeverityMappingMappingArgs
            {
                From = "string",
                To = 0,
                Type = "string",
            },
        },
    },
    MatchExpression = "string",
    AggregationFunctions = new[]
    {
        new SumoLogic.Inputs.CseAggregationRuleAggregationFunctionArgs
        {
            Arguments = new[]
            {
                "string",
            },
            Function = "string",
            Name = "string",
        },
    },
    Name = "string",
    IsPrototype = false,
    SummaryExpression = "string",
    // Milliseconds; must be greater than the window size and below 7 days.
    SuppressionWindowSize = 0,
    Tags = new[]
    {
        "string",
    },
    GroupByFields = new[]
    {
        "string",
    },
    GroupByEntity = false,
    WindowSizeMillis = "string",
});
// Reference shape only: every value is a type placeholder ("string", 0, false),
// not a working rule. Enabled is false here, so a rule copied as-is would not
// generate Signals. WindowSizeMillis presumably applies only when WindowSize is
// CUSTOM -- confirm against the provider documentation.
example, err := sumologic.NewCseAggregationRule(ctx, "cseAggregationRuleResource", &sumologic.CseAggregationRuleArgs{
	NameExpression:        pulumi.String("string"),
	DescriptionExpression: pulumi.String("string"),
	Enabled:               pulumi.Bool(false),
	EntitySelectors: sumologic.CseAggregationRuleEntitySelectorArray{
		&sumologic.CseAggregationRuleEntitySelectorArgs{
			EntityType: pulumi.String("string"),
			Expression: pulumi.String("string"),
		},
	},
	WindowSize:        pulumi.String("string"),
	TriggerExpression: pulumi.String("string"),
	SeverityMapping: &sumologic.CseAggregationRuleSeverityMappingArgs{
		Type:    pulumi.String("string"),
		Default: pulumi.Int(0),
		Field:   pulumi.String("string"),
		Mappings: sumologic.CseAggregationRuleSeverityMappingMappingArray{
			&sumologic.CseAggregationRuleSeverityMappingMappingArgs{
				From: pulumi.String("string"),
				To:   pulumi.Int(0),
				Type: pulumi.String("string"),
			},
		},
	},
	MatchExpression: pulumi.String("string"),
	AggregationFunctions: sumologic.CseAggregationRuleAggregationFunctionArray{
		&sumologic.CseAggregationRuleAggregationFunctionArgs{
			Arguments: pulumi.StringArray{
				pulumi.String("string"),
			},
			Function: pulumi.String("string"),
			Name:     pulumi.String("string"),
		},
	},
	Name:              pulumi.String("string"),
	IsPrototype:       pulumi.Bool(false),
	SummaryExpression: pulumi.String("string"),
	// Milliseconds; must be greater than the window size and below 7 days.
	SuppressionWindowSize: pulumi.Int(0),
	Tags: pulumi.StringArray{
		pulumi.String("string"),
	},
	GroupByFields: pulumi.StringArray{
		pulumi.String("string"),
	},
	GroupByEntity:    pulumi.Bool(false),
	WindowSizeMillis: pulumi.String("string"),
})
// Reference shape only: every value is a type placeholder ("string", 0, false),
// not a working rule. enabled is false here, so a rule copied as-is would not
// generate Signals. windowSizeMillis presumably applies only when windowSize is
// CUSTOM -- confirm against the provider documentation.
var cseAggregationRuleResource = new CseAggregationRule("cseAggregationRuleResource", CseAggregationRuleArgs.builder()
    .nameExpression("string")
    .descriptionExpression("string")
    .enabled(false)
    .entitySelectors(CseAggregationRuleEntitySelectorArgs.builder()
        .entityType("string")
        .expression("string")
        .build())
    .windowSize("string")
    .triggerExpression("string")
    .severityMapping(CseAggregationRuleSeverityMappingArgs.builder()
        .type("string")
        .default_(0)
        .field("string")
        .mappings(CseAggregationRuleSeverityMappingMappingArgs.builder()
            .from("string")
            .to(0)
            .type("string")
            .build())
        .build())
    .matchExpression("string")
    .aggregationFunctions(CseAggregationRuleAggregationFunctionArgs.builder()
        .arguments("string")
        .function("string")
        .name("string")
        .build())
    .name("string")
    .isPrototype(false)
    .summaryExpression("string")
    // Milliseconds; must be greater than the window size and below 7 days.
    .suppressionWindowSize(0)
    .tags("string")
    .groupByFields("string")
    .groupByEntity(false)
    .windowSizeMillis("string")
    .build());
# Reference shape only: every value is a type placeholder ("string", 0, False),
# not a working rule. enabled is False here, so a rule copied as-is would not
# generate Signals. window_size_millis presumably applies only when window_size
# is CUSTOM -- confirm against the provider documentation.
cse_aggregation_rule_resource = sumologic.CseAggregationRule(
    "cseAggregationRuleResource",
    name_expression="string",
    description_expression="string",
    enabled=False,
    entity_selectors=[
        sumologic.CseAggregationRuleEntitySelectorArgs(
            entity_type="string",
            expression="string",
        ),
    ],
    window_size="string",
    trigger_expression="string",
    severity_mapping=sumologic.CseAggregationRuleSeverityMappingArgs(
        type="string",
        default=0,
        field="string",
        mappings=[
            sumologic.CseAggregationRuleSeverityMappingMappingArgs(
                from_="string",
                to=0,
                type="string",
            ),
        ],
    ),
    match_expression="string",
    aggregation_functions=[
        sumologic.CseAggregationRuleAggregationFunctionArgs(
            arguments=["string"],
            function="string",
            name="string",
        ),
    ],
    name="string",
    is_prototype=False,
    summary_expression="string",
    # Milliseconds; must be greater than window_size and below 7 days.
    suppression_window_size=0,
    tags=["string"],
    group_by_fields=["string"],
    group_by_entity=False,
    window_size_millis="string",
)
// Reference shape only: every value is a type placeholder ("string", 0, false),
// not a working rule. enabled is false here, so a rule copied as-is would not
// generate Signals. windowSizeMillis presumably applies only when windowSize is
// CUSTOM -- confirm against the provider documentation.
const cseAggregationRuleResource = new sumologic.CseAggregationRule("cseAggregationRuleResource", {
    nameExpression: "string",
    descriptionExpression: "string",
    enabled: false,
    entitySelectors: [{
        entityType: "string",
        expression: "string",
    }],
    windowSize: "string",
    triggerExpression: "string",
    severityMapping: {
        type: "string",
        "default": 0,
        field: "string",
        mappings: [{
            from: "string",
            to: 0,
            type: "string",
        }],
    },
    matchExpression: "string",
    aggregationFunctions: [{
        arguments: ["string"],
        "function": "string",
        name: "string",
    }],
    name: "string",
    isPrototype: false,
    summaryExpression: "string",
    // Milliseconds; must be greater than the window size and below 7 days.
    suppressionWindowSize: 0,
    tags: ["string"],
    groupByFields: ["string"],
    groupByEntity: false,
    windowSizeMillis: "string",
});
# Reference shape only: every value is a type placeholder (string, 0, false),
# not a working rule. enabled is false here, so a rule copied as-is would not
# generate Signals.
type: sumologic:CseAggregationRule
properties:
  aggregationFunctions:
    - arguments:
        - string
      function: string
      name: string
  descriptionExpression: string
  enabled: false
  entitySelectors:
    - entityType: string
      expression: string
  groupByEntity: false
  groupByFields:
    - string
  isPrototype: false
  matchExpression: string
  name: string
  nameExpression: string
  severityMapping:
    default: 0
    field: string
    mappings:
      - from: string
        to: 0
        type: string
    type: string
  summaryExpression: string
  # Milliseconds; must be greater than the window size and below 7 days.
  suppressionWindowSize: 0
  tags:
    - string
  triggerExpression: string
  windowSize: string
  windowSizeMillis: string
CseAggregationRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CseAggregationRule resource accepts the following input properties:
- Aggregation
Functions List<Pulumi.Sumo Logic. Inputs. Cse Aggregation Rule Aggregation Function> - One or more named aggregation functions
- Description
Expression string - The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Aggregation Rule Entity Selector> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- Match
Expression string - The expression for which records to match on
- Name
Expression string - The name of the generated Signals
- Severity
Mapping Pulumi.Sumo Logic. Inputs. Cse Aggregation Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- Trigger
Expression string - The expression to determine whether a Signal should be created based on the aggregation results
- Window
Size string - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- Group
By boolEntity - Whether to group records by the specified entity fields
- Group
By List<string>Fields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Summary
Expression string - The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. The following attributes are exported:
- Tags List<string>
- The tags of the generated Signals
- WindowSizeMillis string
- Aggregation
Functions []CseAggregation Rule Aggregation Function Args - One or more named aggregation functions
- Description
Expression string - The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors []CseAggregation Rule Entity Selector Args - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- Match
Expression string - The expression for which records to match on
- Name
Expression string - The name of the generated Signals
- Severity
Mapping CseAggregation Rule Severity Mapping Args - The configuration of how the severity of the Signals should be mapped from the Records
- Trigger
Expression string - The expression to determine whether a Signal should be created based on the aggregation results
- Window
Size string - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- Group
By boolEntity - Whether to group records by the specified entity fields
- Group
By []stringFields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Summary
Expression string - The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. The following attributes are exported:
- Tags []string
- The tags of the generated Signals
- WindowSizeMillis string
- aggregation
Functions List<CseAggregation Rule Aggregation Function> - One or more named aggregation functions
- description
Expression String - The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<CseAggregation Rule Entity Selector> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- match
Expression String - The expression for which records to match on
- name
Expression String - The name of the generated Signals
- severity
Mapping CseAggregation Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- trigger
Expression String - The expression to determine whether a Signal should be created based on the aggregation results
- window
Size String - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group
By BooleanEntity - Whether to group records by the specified entity fields
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- summary
Expression String - The summary of the generated Signals
- suppressionWindowSize Integer
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- windowSizeMillis String
- aggregation
Functions CseAggregation Rule Aggregation Function[] - One or more named aggregation functions
- description
Expression string - The description of the generated Signals
- enabled boolean
- Whether the rule should generate Signals
- entity
Selectors CseAggregation Rule Entity Selector[] - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- match
Expression string - The expression for which records to match on
- name
Expression string - The name of the generated Signals
- severity
Mapping CseAggregation Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- trigger
Expression string - The expression to determine whether a Signal should be created based on the aggregation results
- window
Size string - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group
By booleanEntity - Whether to group records by the specified entity fields
- group
By string[]Fields - A list of fields to group records by
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- name string
- The name of the Rule
- summary
Expression string - The summary of the generated Signals
- suppressionWindowSize number
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. The following attributes are exported:
- tags string[]
- The tags of the generated Signals
- windowSizeMillis string
- aggregation_
functions Sequence[CseAggregation Rule Aggregation Function Args] - One or more named aggregation functions
- description_
expression str - The description of the generated Signals
- enabled bool
- Whether the rule should generate Signals
- entity_
selectors Sequence[CseAggregation Rule Entity Selector Args] - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- match_
expression str - The expression for which records to match on
- name_
expression str - The name of the generated Signals
- severity_
mapping CseAggregation Rule Severity Mapping Args - The configuration of how the severity of the Signals should be mapped from the Records
- trigger_
expression str - The expression to determine whether a Signal should be created based on the aggregation results
- window_
size str - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group_
by_ boolentity - Whether to group records by the specified entity fields
- group_
by_ Sequence[str]fields - A list of fields to group records by
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- name str
- The name of the Rule
- summary_
expression str - The summary of the generated Signals
- suppression_window_size int
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. The following attributes are exported:
- tags Sequence[str]
- The tags of the generated Signals
- window_size_millis str
- aggregation
Functions List<Property Map> - One or more named aggregation functions
- description
Expression String - The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<Property Map> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- match
Expression String - The expression for which records to match on
- name
Expression String - The name of the generated Signals
- severity
Mapping Property Map - The configuration of how the severity of the Signals should be mapped from the Records
- trigger
Expression String - The expression to determine whether a Signal should be created based on the aggregation results
- window
Size String - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group
By BooleanEntity - Whether to group records by the specified entity fields
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- summary
Expression String - The summary of the generated Signals
- suppressionWindowSize Number
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- windowSizeMillis String
Outputs
All input properties are implicitly available as output properties. Additionally, the CseAggregationRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CseAggregationRule Resource
Get an existing CseAggregationRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CseAggregationRuleState, opts?: CustomResourceOptions): CseAggregationRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aggregation_functions: Optional[Sequence[CseAggregationRuleAggregationFunctionArgs]] = None,
description_expression: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseAggregationRuleEntitySelectorArgs]] = None,
group_by_entity: Optional[bool] = None,
group_by_fields: Optional[Sequence[str]] = None,
is_prototype: Optional[bool] = None,
match_expression: Optional[str] = None,
name: Optional[str] = None,
name_expression: Optional[str] = None,
severity_mapping: Optional[CseAggregationRuleSeverityMappingArgs] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None,
trigger_expression: Optional[str] = None,
window_size: Optional[str] = None,
window_size_millis: Optional[str] = None) -> CseAggregationRule
func GetCseAggregationRule(ctx *Context, name string, id IDInput, state *CseAggregationRuleState, opts ...ResourceOption) (*CseAggregationRule, error)
public static CseAggregationRule Get(string name, Input<string> id, CseAggregationRuleState? state, CustomResourceOptions? opts = null)
public static CseAggregationRule get(String name, Output<String> id, CseAggregationRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AggregationFunctions List<Pulumi.SumoLogic.Inputs.CseAggregationRuleAggregationFunction>
- One or more named aggregation functions
- DescriptionExpression string
- The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- EntitySelectors List<Pulumi.SumoLogic.Inputs.CseAggregationRuleEntitySelector>
- The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- GroupByEntity bool
- Whether to group records by the specified entity fields
- GroupByFields List<string>
- A list of fields to group records by
- IsPrototype bool
- Whether the generated Signals should be prototype Signals
- MatchExpression string
- The expression for which records to match on
- Name string
- The name of the Rule
- NameExpression string
- The name of the generated Signals
- SeverityMapping Pulumi.SumoLogic.Inputs.CseAggregationRuleSeverityMapping
- The configuration of how the severity of the Signals should be mapped from the Records
- SummaryExpression string
- The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. For example, with a window size of T30M (30 minutes, i.e. 1800000 ms), the value must exceed 1800000; the example usage on this page sets 2100000. The following attributes are exported:
- Tags List<string>
- The tags of the generated Signals
- TriggerExpression string
- The expression to determine whether a Signal should be created based on the aggregation results
- WindowSize string
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- WindowSizeMillis string
- AggregationFunctions []CseAggregationRuleAggregationFunctionArgs
- One or more named aggregation functions
- DescriptionExpression string
- The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- EntitySelectors []CseAggregationRuleEntitySelectorArgs
- The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- GroupByEntity bool
- Whether to group records by the specified entity fields
- GroupByFields []string
- A list of fields to group records by
- IsPrototype bool
- Whether the generated Signals should be prototype Signals
- MatchExpression string
- The expression for which records to match on
- Name string
- The name of the Rule
- NameExpression string
- The name of the generated Signals
- SeverityMapping CseAggregationRuleSeverityMappingArgs
- The configuration of how the severity of the Signals should be mapped from the Records
- SummaryExpression string
- The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. For example, with a window size of T30M (30 minutes, i.e. 1800000 ms), the value must exceed 1800000; the example usage on this page sets 2100000. The following attributes are exported:
- Tags []string
- The tags of the generated Signals
- TriggerExpression string
- The expression to determine whether a Signal should be created based on the aggregation results
- WindowSize string
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- WindowSizeMillis string
- aggregationFunctions List<CseAggregationRuleAggregationFunction>
- One or more named aggregation functions
- descriptionExpression String
- The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entitySelectors List<CseAggregationRuleEntitySelector>
- The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- groupByEntity Boolean
- Whether to group records by the specified entity fields
- groupByFields List<String>
- A list of fields to group records by
- isPrototype Boolean
- Whether the generated Signals should be prototype Signals
- matchExpression String
- The expression for which records to match on
- name String
- The name of the Rule
- nameExpression String
- The name of the generated Signals
- severityMapping CseAggregationRuleSeverityMapping
- The configuration of how the severity of the Signals should be mapped from the Records
- summaryExpression String
- The summary of the generated Signals
- suppressionWindowSize Integer
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. For example, with a window size of T30M (30 minutes, i.e. 1800000 ms), the value must exceed 1800000; the example usage on this page sets 2100000. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- triggerExpression String
- The expression to determine whether a Signal should be created based on the aggregation results
- windowSize String
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- windowSizeMillis String
- aggregationFunctions CseAggregationRuleAggregationFunction[]
- One or more named aggregation functions
- descriptionExpression string
- The description of the generated Signals
- enabled boolean
- Whether the rule should generate Signals
- entitySelectors CseAggregationRuleEntitySelector[]
- The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- groupByEntity boolean
- Whether to group records by the specified entity fields
- groupByFields string[]
- A list of fields to group records by
- isPrototype boolean
- Whether the generated Signals should be prototype Signals
- matchExpression string
- The expression for which records to match on
- name string
- The name of the Rule
- nameExpression string
- The name of the generated Signals
- severityMapping CseAggregationRuleSeverityMapping
- The configuration of how the severity of the Signals should be mapped from the Records
- summaryExpression string
- The summary of the generated Signals
- suppressionWindowSize number
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. For example, with a window size of T30M (30 minutes, i.e. 1800000 ms), the value must exceed 1800000; the example usage on this page sets 2100000. The following attributes are exported:
- tags string[]
- The tags of the generated Signals
- triggerExpression string
- The expression to determine whether a Signal should be created based on the aggregation results
- windowSize string
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- windowSizeMillis string
- aggregation_functions Sequence[CseAggregationRuleAggregationFunctionArgs]
- One or more named aggregation functions
- description_expression str
- The description of the generated Signals
- enabled bool
- Whether the rule should generate Signals
- entity_selectors Sequence[CseAggregationRuleEntitySelectorArgs]
- The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- group_by_entity bool
- Whether to group records by the specified entity fields
- group_by_fields Sequence[str]
- A list of fields to group records by
- is_prototype bool
- Whether the generated Signals should be prototype Signals
- match_expression str
- The expression for which records to match on
- name str
- The name of the Rule
- name_expression str
- The name of the generated Signals
- severity_mapping CseAggregationRuleSeverityMappingArgs
- The configuration of how the severity of the Signals should be mapped from the Records
- summary_expression str
- The summary of the generated Signals
- suppression_window_size int
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. For example, with a window size of T30M (30 minutes, i.e. 1800000 ms), the value must exceed 1800000; the example usage on this page sets 2100000. The following attributes are exported:
- tags Sequence[str]
- The tags of the generated Signals
- trigger_expression str
- The expression to determine whether a Signal should be created based on the aggregation results
- window_size str
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- window_size_millis str
- aggregationFunctions List<Property Map>
- One or more named aggregation functions
- descriptionExpression String
- The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entitySelectors List<Property Map>
- The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- groupByEntity Boolean
- Whether to group records by the specified entity fields
- groupByFields List<String>
- A list of fields to group records by
- isPrototype Boolean
- Whether the generated Signals should be prototype Signals
- matchExpression String
- The expression for which records to match on
- name String
- The name of the Rule
- nameExpression String
- The name of the generated Signals
- severityMapping Property Map
- The configuration of how the severity of the Signals should be mapped from the Records
- summaryExpression String
- The summary of the generated Signals
- suppressionWindowSize Number
- For how long to suppress Signal generation, in milliseconds. Must be greater than `window_size` and less than the global limit of 7 days. For example, with a window size of T30M (30 minutes, i.e. 1800000 ms), the value must exceed 1800000; the example usage on this page sets 2100000. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- triggerExpression String
- The expression to determine whether a Signal should be created based on the aggregation results
- windowSize String
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- windowSizeMillis String
Supporting Types
CseAggregationRuleAggregationFunction, CseAggregationRuleAggregationFunctionArgs
CseAggregationRuleEntitySelector, CseAggregationRuleEntitySelectorArgs
- EntityType string
- The type of the entity to generate the Signal on.
- Expression string
- The expression or field name to generate the Signal on.
- EntityType string
- The type of the entity to generate the Signal on.
- Expression string
- The expression or field name to generate the Signal on.
- entityType String
- The type of the entity to generate the Signal on.
- expression String
- The expression or field name to generate the Signal on.
- entityType string
- The type of the entity to generate the Signal on.
- expression string
- The expression or field name to generate the Signal on.
- entity_type str
- The type of the entity to generate the Signal on.
- expression str
- The expression or field name to generate the Signal on.
- entityType String
- The type of the entity to generate the Signal on.
- expression String
- The expression or field name to generate the Signal on.
CseAggregationRuleSeverityMapping, CseAggregationRuleSeverityMappingArgs
- Type string
- Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- Default int
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- Field string
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- Mappings List<Pulumi.SumoLogic.Inputs.CseAggregationRuleSeverityMappingMapping>
- The map of record values to severities to use in the "fieldValueMapping" case
- Type string
- Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- Default int
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- Field string
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- Mappings []CseAggregationRuleSeverityMappingMapping
- The map of record values to severities to use in the "fieldValueMapping" case
- type String
- Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default_ Integer
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field String
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings List<CseAggregationRuleSeverityMappingMapping>
- The map of record values to severities to use in the "fieldValueMapping" case
- type string
- Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default number
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field string
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings CseAggregationRuleSeverityMappingMapping[]
- The map of record values to severities to use in the "fieldValueMapping" case
- type str
- Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default int
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field str
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings Sequence[CseAggregationRuleSeverityMappingMapping]
- The map of record values to severities to use in the "fieldValueMapping" case
- type String
- Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default Number
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field String
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings List<Property Map>
- The map of record values to severities to use in the "fieldValueMapping" case
CseAggregationRuleSeverityMappingMapping, CseAggregationRuleSeverityMappingMappingArgs
Import
Aggregation Rules can be imported using the field id, e.g.:
```sh
$ pulumi import sumologic:index/cseAggregationRule:CseAggregationRule aggregation_rule id
```
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Sumo Logic pulumi/pulumi-sumologic
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `sumologic` Terraform Provider.