Create Log Schema

Creates a new log schema.

HTTP Request

POST /api/sonar/log-schemas
Request using cURL
curl -H "Authorization: Bearer <API_KEY>" \
     -d code="ping" \
     -d name="Ping" \
     -d fields="[{""name"":""_time"", ""type"":""DATE"", ""display_name"":""Time"", ""ordinal"":1}, {""name"":""dst_ip"", ""type"":""IP"", ""display_name"":""Destination IP"", ""ordinal"":2}, {""name"":""rtt"", ""type"":""INT"", ""display_name"":""Round trip time"", ""ordinal"":2}]" \
     -X POST \
     https://HOSTNAME/api/sonar/log-schemas
Request Parameters
KeyRequiredTypeDescriptionNote
codeOStringLog schema codeMinumum 1 to maximum 50 characters
nameOStringLog schema nameMinumum 1 to maximum 50 characters
descriptionXStringLog schema descriptionMaximum 255 characters
fieldsXStringField definition listJSON Array

fieldsis JSON array string that contains the following properties:

  • type (String): Field type
    • One of the following: DATE, STRING, IP, PORT, INT, LONG, DOUBLE, COUNTRY, MD5, SHA1, URL.
  • name (String): Field name (Maximum 50 characters)
  • display_name (String): Display name (Maximum 50 characters)
  • ordinal (32-bit integer): Field order

Success Response

{}

Error Responses

No privilege to create a log schema

HTTP status code 500. A log schema is applied system-wide. To create a log schema, cluster administrator privileges are required.

{
  "error_code": "illegal-state",
  "error_msg": "no-permission"
}
Required argument is missing

HTTP status code 400.

{
  "error_code": "null-argument",
  "error_msg": "code should be not null"
}
Invalid argument length

HTTP status code 400.

{
  "error_code": "invalid-argument",
  "error_msg": "'code' must be less than or equal to 50 characters."
}
Duplicated log schema ID
{
  "error_code": "illegal-state",
  "error_msg": "duplicated log schema code: ping"
}