sumologic.CseChainRule
Provides a Sumo Logic CSE Chain Rule.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
// Chain rule: a Signal is generated on the entity named by `user_username`
// once every expression below has matched `limit` times inside `windowSize`.
const chainRule = new sumologic.CseChainRule("chain_rule", {
    name: "Chain Rule Example",
    description: "Signal description",
    summaryExpression: "Signal summary",
    enabled: true,
    // false: Signals are regular Signals rather than prototype Signals.
    isPrototype: false,
    severity: 5,
    entitySelectors: [
        { entityType: "_username", expression: "user_username" },
    ],
    expressionsAndLimits: [
        { expression: "success = false", limit: 5 },
        { expression: "success = true", limit: 1 },
    ],
    // true: matching records must arrive in the order the expressions are listed.
    ordered: true,
    groupByFields: [],
    // TA0009 is the ATT&CK Collection tactic. Tag with the tactic the rule really
    // detects: if `success` is a login outcome, failures followed by a success per
    // user is a password-guessing pattern, which ATT&CK places under Credential
    // Access (TA0006).
    tags: ["_mitreAttackTactic:TA0009"],
    windowSize: "T30M",
    // Milliseconds (2100000 = 35 min). Must exceed the T30M window and stay under
    // the 7-day global limit; no new Signal is generated while suppression lasts.
    suppressionWindowSize: 2100000,
});
import pulumi
import pulumi_sumologic as sumologic
# Chain rule: a Signal is generated on the entity named by `user_username`
# once every expression below has matched `limit` times inside `window_size`.
chain_rule = sumologic.CseChainRule(
    "chain_rule",
    name="Chain Rule Example",
    description="Signal description",
    summary_expression="Signal summary",
    enabled=True,
    # False: Signals are regular Signals rather than prototype Signals.
    is_prototype=False,
    severity=5,
    entity_selectors=[
        {"entity_type": "_username", "expression": "user_username"},
    ],
    expressions_and_limits=[
        {"expression": "success = false", "limit": 5},
        {"expression": "success = true", "limit": 1},
    ],
    # True: matching records must arrive in the order the expressions are listed.
    ordered=True,
    group_by_fields=[],
    # TA0009 is the ATT&CK Collection tactic. Tag with the tactic the rule really
    # detects: if `success` is a login outcome, failures followed by a success per
    # user is a password-guessing pattern, which ATT&CK places under Credential
    # Access (TA0006).
    tags=["_mitreAttackTactic:TA0009"],
    window_size="T30M",
    # Milliseconds (2100000 = 35 min). Must exceed the T30M window and stay under
    # the 7-day global limit; no new Signal is generated while suppression lasts.
    suppression_window_size=2100000,
)
package main
import (
"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares a single Sumo Logic CSE chain rule.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Entity the Signal is generated on: the username read from user_username.
		selectors := sumologic.CseChainRuleEntitySelectorArray{
			&sumologic.CseChainRuleEntitySelectorArgs{
				EntityType: pulumi.String("_username"),
				Expression: pulumi.String("user_username"),
			},
		}

		// Each step must match Limit times before the Signal fires.
		steps := sumologic.CseChainRuleExpressionsAndLimitArray{
			&sumologic.CseChainRuleExpressionsAndLimitArgs{
				Expression: pulumi.String("success = false"),
				Limit:      pulumi.Int(5),
			},
			&sumologic.CseChainRuleExpressionsAndLimitArgs{
				Expression: pulumi.String("success = true"),
				Limit:      pulumi.Int(1),
			},
		}

		_, err := sumologic.NewCseChainRule(ctx, "chain_rule", &sumologic.CseChainRuleArgs{
			Name:                 pulumi.String("Chain Rule Example"),
			Description:          pulumi.String("Signal description"),
			SummaryExpression:    pulumi.String("Signal summary"),
			Enabled:              pulumi.Bool(true),
			IsPrototype:          pulumi.Bool(false),
			Severity:             pulumi.Int(5),
			EntitySelectors:      selectors,
			ExpressionsAndLimits: steps,
			// true: matching records must arrive in the order the steps are listed.
			Ordered:       pulumi.Bool(true),
			GroupByFields: pulumi.StringArray{},
			// TA0009 is the ATT&CK Collection tactic. Tag with the tactic the rule
			// really detects: if `success` is a login outcome, failures followed by
			// a success per user is a password-guessing pattern, which ATT&CK places
			// under Credential Access (TA0006).
			Tags: pulumi.StringArray{
				pulumi.String("_mitreAttackTactic:TA0009"),
			},
			WindowSize: pulumi.String("T30M"),
			// Milliseconds (2100000 = 35 min). Must exceed the T30M window and stay
			// under the 7-day global limit.
			SuppressionWindowSize: pulumi.Int(2100000),
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;
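// Pulumi program entry point: declares a single Sumo Logic CSE chain rule.
// A Signal is generated on the entity named by `user_username` once every
// expression has matched `Limit` times inside `WindowSize`.
return await Deployment.RunAsync(() =>
{
    var chainRule = new SumoLogic.CseChainRule("chain_rule", new()
    {
        Description = "Signal description",
        Enabled = true,
        EntitySelectors = new[]
        {
            new SumoLogic.Inputs.CseChainRuleEntitySelectorArgs
            {
                EntityType = "_username",
                Expression = "user_username",
            },
        },
        ExpressionsAndLimits = new[]
        {
            new SumoLogic.Inputs.CseChainRuleExpressionsAndLimitArgs
            {
                Expression = "success = false",
                Limit = 5,
            },
            new SumoLogic.Inputs.CseChainRuleExpressionsAndLimitArgs
            {
                Expression = "success = true",
                Limit = 1,
            },
        },
        // The element type is spelled out: an implicitly typed `new[] {}` has no
        // elements to infer a type from and is rejected by the compiler (CS0826).
        GroupByFields = new string[] {},
        IsPrototype = false,
        // true: matching records must arrive in the order the expressions are listed.
        Ordered = true,
        Name = "Chain Rule Example",
        Severity = 5,
        SummaryExpression = "Signal summary",
        // TA0009 is the ATT&CK Collection tactic. Tag with the tactic the rule really
        // detects: if `success` is a login outcome, failures followed by a success
        // per user is a password-guessing pattern, which ATT&CK places under
        // Credential Access (TA0006).
        Tags = new[]
        {
            "_mitreAttackTactic:TA0009",
        },
        WindowSize = "T30M",
        // Milliseconds (2100000 = 35 min). Must exceed the T30M window and stay
        // under the 7-day global limit.
        SuppressionWindowSize = 2100000,
    });
});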
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseChainRule;
import com.pulumi.sumologic.CseChainRuleArgs;
import com.pulumi.sumologic.inputs.CseChainRuleEntitySelectorArgs;
import com.pulumi.sumologic.inputs.CseChainRuleExpressionsAndLimitArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single Sumo Logic CSE chain rule.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the chain rule. A Signal is generated on the entity named by
     * {@code user_username} once every step has matched its limit inside the window.
     *
     * @param ctx Pulumi deployment context (not read by this example)
     */
    public static void stack(Context ctx) {
        final var selector = CseChainRuleEntitySelectorArgs.builder()
            .entityType("_username")
            .expression("user_username")
            .build();

        // Each step must match `limit` times before the Signal fires.
        final var firstStep = CseChainRuleExpressionsAndLimitArgs.builder()
            .expression("success = false")
            .limit(5)
            .build();
        final var secondStep = CseChainRuleExpressionsAndLimitArgs.builder()
            .expression("success = true")
            .limit(1)
            .build();

        final var ruleArgs = CseChainRuleArgs.builder()
            .name("Chain Rule Example")
            .description("Signal description")
            .summaryExpression("Signal summary")
            .enabled(true)
            .isPrototype(false)
            .severity(5)
            .entitySelectors(selector)
            .expressionsAndLimits(firstStep, secondStep)
            // true: matching records must arrive in the order the steps are listed.
            .ordered(true)
            .groupByFields()
            // TA0009 is the ATT&CK Collection tactic. Tag with the tactic the rule
            // really detects: if `success` is a login outcome, failures followed by
            // a success per user is a password-guessing pattern, which ATT&CK places
            // under Credential Access (TA0006).
            .tags("_mitreAttackTactic:TA0009")
            .windowSize("T30M")
            // Milliseconds (2100000 = 35 min). Must exceed the T30M window and stay
            // under the 7-day global limit.
            .suppressionWindowSize(2100000)
            .build();

        var chainRule = new CseChainRule("chainRule", ruleArgs);
    }
}
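# Chain rule: a Signal is generated on the entity named by `user_username`
# once every expression has matched `limit` times inside `windowSize`.
resources:
  chainRule:
    type: sumologic:CseChainRule
    name: chain_rule
    properties:
      description: Signal description
      enabled: true
      entitySelectors:
        - entityType: _username
          expression: user_username
      expressionsAndLimits:
        - expression: success = false
          limit: 5
        - expression: success = true
          limit: 1
      groupByFields: []
      isPrototype: false
      # true: matching records must arrive in the order the expressions are listed.
      ordered: true
      name: Chain Rule Example
      severity: 5
      summaryExpression: Signal summary
      # TA0009 is the ATT&CK Collection tactic. Tag with the tactic the rule really
      # detects: if `success` is a login outcome, failures followed by a success per
      # user is a password-guessing pattern, which ATT&CK places under Credential
      # Access (TA0006).
      tags:
        - _mitreAttackTactic:TA0009
      windowSize: T30M
      # Integer milliseconds (35 min), written out instead of the float form 2.1e+06
      # so it matches the other language examples. Must exceed the T30M window and
      # stay under the 7-day global limit.
      suppressionWindowSize: 2100000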
Create CseChainRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CseChainRule(name: string, args: CseChainRuleArgs, opts?: CustomResourceOptions);
@overload
def CseChainRule(resource_name: str,
args: CseChainRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CseChainRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseChainRuleEntitySelectorArgs]] = None,
expressions_and_limits: Optional[Sequence[CseChainRuleExpressionsAndLimitArgs]] = None,
window_size: Optional[str] = None,
severity: Optional[int] = None,
name: Optional[str] = None,
ordered: Optional[bool] = None,
is_prototype: Optional[bool] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None,
group_by_fields: Optional[Sequence[str]] = None,
window_size_millis: Optional[str] = None)
func NewCseChainRule(ctx *Context, name string, args CseChainRuleArgs, opts ...ResourceOption) (*CseChainRule, error)
public CseChainRule(string name, CseChainRuleArgs args, CustomResourceOptions? opts = null)
public CseChainRule(String name, CseChainRuleArgs args)
public CseChainRule(String name, CseChainRuleArgs args, CustomResourceOptions options)
type: sumologic:CseChainRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CseChainRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CseChainRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CseChainRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CseChainRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CseChainRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every value is a type placeholder. Copied as written,
// Enabled is false, so the rule would generate no Signals.
var cseChainRuleResource = new SumoLogic.CseChainRule("cseChainRuleResource", new()
{
    Name = "string",
    Description = "string",
    SummaryExpression = "string",
    Enabled = false,
    IsPrototype = false,
    Severity = 0,
    EntitySelectors = new[]
    {
        new SumoLogic.Inputs.CseChainRuleEntitySelectorArgs { EntityType = "string", Expression = "string" },
    },
    ExpressionsAndLimits = new[]
    {
        // Limit: how many times the expression must match before the Signal fires.
        new SumoLogic.Inputs.CseChainRuleExpressionsAndLimitArgs { Expression = "string", Limit = 0 },
    },
    Ordered = false,
    GroupByFields = new[] { "string" },
    Tags = new[] { "string" },
    // One of T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM.
    WindowSize = "string",
    // Not described on this page; presumably the window length used with CUSTOM
    // (confirm in the provider docs).
    WindowSizeMillis = "string",
    // Milliseconds; must be greater than window_size and less than the 7-day global limit.
    SuppressionWindowSize = 0,
});
// Reference shape only: every value is a type placeholder. Copied as written,
// Enabled is false, so the rule would generate no Signals.
example, err := sumologic.NewCseChainRule(ctx, "cseChainRuleResource", &sumologic.CseChainRuleArgs{
	Name:              pulumi.String("string"),
	Description:       pulumi.String("string"),
	SummaryExpression: pulumi.String("string"),
	Enabled:           pulumi.Bool(false),
	IsPrototype:       pulumi.Bool(false),
	Severity:          pulumi.Int(0),
	EntitySelectors: sumologic.CseChainRuleEntitySelectorArray{
		&sumologic.CseChainRuleEntitySelectorArgs{
			EntityType: pulumi.String("string"),
			Expression: pulumi.String("string"),
		},
	},
	ExpressionsAndLimits: sumologic.CseChainRuleExpressionsAndLimitArray{
		&sumologic.CseChainRuleExpressionsAndLimitArgs{
			Expression: pulumi.String("string"),
			// How many times the expression must match before the Signal fires.
			Limit: pulumi.Int(0),
		},
	},
	Ordered:       pulumi.Bool(false),
	GroupByFields: pulumi.StringArray{pulumi.String("string")},
	Tags:          pulumi.StringArray{pulumi.String("string")},
	// One of T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM.
	WindowSize: pulumi.String("string"),
	// Not described on this page; presumably the window length used with CUSTOM
	// (confirm in the provider docs).
	WindowSizeMillis: pulumi.String("string"),
	// Milliseconds; must be greater than window_size and less than the 7-day global limit.
	SuppressionWindowSize: pulumi.Int(0),
})
// Reference shape only: every value is a type placeholder. Copied as written,
// enabled is false, so the rule would generate no Signals.
var cseChainRuleResource = new CseChainRule("cseChainRuleResource", CseChainRuleArgs.builder()
    .name("string")
    .description("string")
    .summaryExpression("string")
    .enabled(false)
    .isPrototype(false)
    .severity(0)
    .entitySelectors(CseChainRuleEntitySelectorArgs.builder()
        .entityType("string")
        .expression("string")
        .build())
    .expressionsAndLimits(CseChainRuleExpressionsAndLimitArgs.builder()
        .expression("string")
        // How many times the expression must match before the Signal fires.
        .limit(0)
        .build())
    .ordered(false)
    .groupByFields("string")
    .tags("string")
    // One of T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM.
    .windowSize("string")
    // Not described on this page; presumably the window length used with CUSTOM
    // (confirm in the provider docs).
    .windowSizeMillis("string")
    // Milliseconds; must be greater than window_size and less than the 7-day global limit.
    .suppressionWindowSize(0)
    .build());
# Reference shape only: every value is a type placeholder. Copied as written,
# enabled is False, so the rule would generate no Signals.
cse_chain_rule_resource = sumologic.CseChainRule(
    "cseChainRuleResource",
    name="string",
    description="string",
    summary_expression="string",
    enabled=False,
    is_prototype=False,
    severity=0,
    entity_selectors=[
        {"entity_type": "string", "expression": "string"},
    ],
    expressions_and_limits=[
        # limit: how many times the expression must match before the Signal fires.
        {"expression": "string", "limit": 0},
    ],
    ordered=False,
    group_by_fields=["string"],
    tags=["string"],
    # One of T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM.
    window_size="string",
    # Not described on this page; presumably the window length used with CUSTOM
    # (confirm in the provider docs).
    window_size_millis="string",
    # Milliseconds; must be greater than window_size and less than the 7-day global limit.
    suppression_window_size=0,
)
// Reference shape only: every value is a type placeholder. Copied as written,
// enabled is false, so the rule would generate no Signals.
const cseChainRuleResource = new sumologic.CseChainRule("cseChainRuleResource", {
    name: "string",
    description: "string",
    summaryExpression: "string",
    enabled: false,
    isPrototype: false,
    severity: 0,
    entitySelectors: [
        { entityType: "string", expression: "string" },
    ],
    expressionsAndLimits: [
        // limit: how many times the expression must match before the Signal fires.
        { expression: "string", limit: 0 },
    ],
    ordered: false,
    groupByFields: ["string"],
    tags: ["string"],
    // One of T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM.
    windowSize: "string",
    // Not described on this page; presumably the window length used with CUSTOM
    // (confirm in the provider docs).
    windowSizeMillis: "string",
    // Milliseconds; must be greater than window_size and less than the 7-day global limit.
    suppressionWindowSize: 0,
});
# Reference shape only: every value is a type placeholder. Copied as written,
# enabled is false, so the rule would generate no Signals.
type: sumologic:CseChainRule
properties:
  name: string
  description: string
  summaryExpression: string
  enabled: false
  isPrototype: false
  severity: 0
  entitySelectors:
    - entityType: string
      expression: string
  expressionsAndLimits:
    # limit: how many times the expression must match before the Signal fires.
    - expression: string
      limit: 0
  ordered: false
  groupByFields: [string]
  tags: [string]
  # One of T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM.
  windowSize: string
  # Not described on this page; presumably the window length used with CUSTOM
  # (confirm in the provider docs).
  windowSizeMillis: string
  # Milliseconds; must be greater than window_size and less than the 7-day global limit.
  suppressionWindowSize: 0
CseChainRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CseChainRule resource accepts the following input properties:
- Description string
- The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Chain Rule Entity Selector> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- Expressions
And List<Pulumi.Limits Sumo Logic. Inputs. Cse Chain Rule Expressions And Limit> - The list of expressions and associated limits to make up the conditions of the chain rule
- Severity int
- The severity of the generated Signals
- Window
Size string - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- Group
By List<string>Fields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule and the generated Signals
- Ordered bool
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- Summary
Expression string - The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- Tags List<string>
- The tags of the generated Signals
- WindowSizeMillis string
- Description string
- The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors []CseChain Rule Entity Selector Args - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- Expressions
And []CseLimits Chain Rule Expressions And Limit Args - The list of expressions and associated limits to make up the conditions of the chain rule
- Severity int
- The severity of the generated Signals
- Window
Size string - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- Group
By []stringFields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule and the generated Signals
- Ordered bool
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- Summary
Expression string - The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- Tags []string
- The tags of the generated Signals
- WindowSizeMillis string
- description String
- The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<CseChain Rule Entity Selector> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions
And List<CseLimits Chain Rule Expressions And Limit> - The list of expressions and associated limits to make up the conditions of the chain rule
- severity Integer
- The severity of the generated Signals
- window
Size String - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule and the generated Signals
- ordered Boolean
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- summary
Expression String - The summary of the generated Signals
- suppressionWindowSize Integer
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- windowSizeMillis String
- description string
- The description of the generated Signals
- enabled boolean
- Whether the rule should generate Signals
- entity
Selectors CseChain Rule Entity Selector[] - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions
And CseLimits Chain Rule Expressions And Limit[] - The list of expressions and associated limits to make up the conditions of the chain rule
- severity number
- The severity of the generated Signals
- window
Size string - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group
By string[]Fields - A list of fields to group records by
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- name string
- The name of the Rule and the generated Signals
- ordered boolean
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- summary
Expression string - The summary of the generated Signals
- suppressionWindowSize number
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags string[]
- The tags of the generated Signals
- windowSizeMillis string
- description str
- The description of the generated Signals
- enabled bool
- Whether the rule should generate Signals
- entity_
selectors Sequence[CseChain Rule Entity Selector Args] - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions_
and_ Sequence[Cselimits Chain Rule Expressions And Limit Args] - The list of expressions and associated limits to make up the conditions of the chain rule
- severity int
- The severity of the generated Signals
- window_
size str - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group_
by_ Sequence[str]fields - A list of fields to group records by
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- name str
- The name of the Rule and the generated Signals
- ordered bool
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- summary_
expression str - The summary of the generated Signals
- suppression_window_size int
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags Sequence[str]
- The tags of the generated Signals
- window_size_millis str
- description String
- The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<Property Map> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions
And List<Property Map>Limits - The list of expressions and associated limits to make up the conditions of the chain rule
- severity Number
- The severity of the generated Signals
- window
Size String - How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule and the generated Signals
- ordered Boolean
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- summary
Expression String - The summary of the generated Signals
- suppressionWindowSize Number
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- windowSizeMillis String
Outputs
All input properties are implicitly available as output properties. Additionally, the CseChainRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CseChainRule Resource
Get an existing CseChainRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CseChainRuleState, opts?: CustomResourceOptions): CseChainRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseChainRuleEntitySelectorArgs]] = None,
expressions_and_limits: Optional[Sequence[CseChainRuleExpressionsAndLimitArgs]] = None,
group_by_fields: Optional[Sequence[str]] = None,
is_prototype: Optional[bool] = None,
name: Optional[str] = None,
ordered: Optional[bool] = None,
severity: Optional[int] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None,
window_size: Optional[str] = None,
window_size_millis: Optional[str] = None) -> CseChainRule
func GetCseChainRule(ctx *Context, name string, id IDInput, state *CseChainRuleState, opts ...ResourceOption) (*CseChainRule, error)
public static CseChainRule Get(string name, Input<string> id, CseChainRuleState? state, CustomResourceOptions? opts = null)
public static CseChainRule get(String name, Output<String> id, CseChainRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Description string
- The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Chain Rule Entity Selector> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- Expressions
And List<Pulumi.Limits Sumo Logic. Inputs. Cse Chain Rule Expressions And Limit> - The list of expressions and associated limits to make up the conditions of the chain rule
- Group
By List<string>Fields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule and the generated Signals
- Ordered bool
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- Severity int
- The severity of the generated Signals
- Summary
Expression string - The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- Tags List<string>
- The tags of the generated Signals
- WindowSize string
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- WindowSizeMillis string
- Description string
- The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors []CseChain Rule Entity Selector Args - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- Expressions
And []CseLimits Chain Rule Expressions And Limit Args - The list of expressions and associated limits to make up the conditions of the chain rule
- Group
By []stringFields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule and the generated Signals
- Ordered bool
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- Severity int
- The severity of the generated Signals
- Summary
Expression string - The summary of the generated Signals
- SuppressionWindowSize int
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- Tags []string
- The tags of the generated Signals
- WindowSize string
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- WindowSizeMillis string
- description String
- The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<CseChain Rule Entity Selector> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions
And List<CseLimits Chain Rule Expressions And Limit> - The list of expressions and associated limits to make up the conditions of the chain rule
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule and the generated Signals
- ordered Boolean
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- severity Integer
- The severity of the generated Signals
- summary
Expression String - The summary of the generated Signals
- suppressionWindowSize Integer
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- windowSize String
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- windowSizeMillis String
- description string
- The description of the generated Signals
- enabled boolean
- Whether the rule should generate Signals
- entity
Selectors CseChain Rule Entity Selector[] - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions
And CseLimits Chain Rule Expressions And Limit[] - The list of expressions and associated limits to make up the conditions of the chain rule
- group
By string[]Fields - A list of fields to group records by
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- name string
- The name of the Rule and the generated Signals
- ordered boolean
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- severity number
- The severity of the generated Signals
- summary
Expression string - The summary of the generated Signals
- suppressionWindowSize number
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags string[]
- The tags of the generated Signals
- windowSize string
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- windowSizeMillis string
- description str
- The description of the generated Signals
- enabled bool
- Whether the rule should generate Signals
- entity_
selectors Sequence[CseChain Rule Entity Selector Args] - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions_
and_ Sequence[Cselimits Chain Rule Expressions And Limit Args] - The list of expressions and associated limits to make up the conditions of the chain rule
- group_
by_ Sequence[str]fields - A list of fields to group records by
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- name str
- The name of the Rule and the generated Signals
- ordered bool
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- severity int
- The severity of the generated Signals
- summary_
expression str - The summary of the generated Signals
- suppression_window_size int
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags Sequence[str]
- The tags of the generated Signals
- window_size str
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- window_size_millis str
- description String
- The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<Property Map> - The entities to generate Signals on
entityType
- (Required) The type of the entity to generate the Signal on.
- expressions
And List<Property Map>Limits - The list of expressions and associated limits to make up the conditions of the chain rule
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule and the generated Signals
- ordered Boolean
- Whether the records matching the expressions must be in the same chronological order as the expressions are listed in the rule
- severity Number
- The severity of the generated Signals
- summary
Expression String - The summary of the generated Signals
- suppressionWindowSize Number
- For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days. The following attributes are exported:
- tags List<String>
- The tags of the generated Signals
- windowSize String
- How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
- windowSizeMillis String
Supporting Types
CseChainRuleEntitySelector, CseChainRuleEntitySelectorArgs
- Entity
Type string - Expression string
- The expression or field name to generate the Signal on.
- Entity
Type string - Expression string
- The expression or field name to generate the Signal on.
- entity
Type String - expression String
- The expression or field name to generate the Signal on.
- entity
Type string - expression string
- The expression or field name to generate the Signal on.
- entity_
type str - expression str
- The expression or field name to generate the Signal on.
- entity
Type String - expression String
- The expression or field name to generate the Signal on.
CseChainRuleExpressionsAndLimit, CseChainRuleExpressionsAndLimitArgs
- Expression string
- The expression for which records to match on
- Limit int
- How many times this expression must match for the Signal to fire
- Expression string
- The expression for which records to match on
- Limit int
- How many times this expression must match for the Signal to fire
- expression String
- The expression for which records to match on
- limit Integer
- How many times this expression must match for the Signal to fire
- expression string
- The expression for which records to match on
- limit number
- How many times this expression must match for the Signal to fire
- expression str
- The expression for which records to match on
- limit int
- How many times this expression must match for the Signal to fire
- expression String
- The expression for which records to match on
- limit Number
- How many times this expression must match for the Signal to fire
Import
Chain Rules can be imported using the field id, e.g.:
hcl
$ pulumi import sumologic:index/cseChainRule:CseChainRule chain_rule id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Sumo Logic pulumi/pulumi-sumologic
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sumologic
Terraform Provider.