Create Log Schema
Creates a new log schema. A log schema is applied system-wide. To create a log schema, cluster administrator privileges are required.
Required Permissions
Requires the ADMIN role or higher.
HTTP Request
POST /api/sonar/log-schemas
cURL Example
curl -H "Authorization: Bearer <API_KEY>" \
-d code="ping" \
-d name="Ping" \
-d fields="[{""name"":""_time"", ""type"":""DATE"", ""display_name"":""Time"", ""ordinal"":1}, {""name"":""dst_ip"", ""type"":""IP"", ""display_name"":""Destination IP"", ""ordinal"":2}, {""name"":""rtt"", ""type"":""INT"", ""display_name"":""Round trip time"", ""ordinal"":3}]" \
-X POST \
https://HOSTNAME/api/sonar/log-schemas
Request Parameters
| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| code | O | String | Log schema code | Minimum 1 to maximum 50 characters |
| name | O | String | Log schema name | Minimum 1 to maximum 50 characters |
| name_trans | X | String | Schema name translations | JSON object string |
| description | X | String | Log schema description | Maximum 255 characters |
| fields | X | String | Field definition list | JSON array string |
name_trans is a JSON object string that contains schema names for each locale:
- ko (String, Optional): Korean name
- en (String, Optional): English name
- zh (String, Optional): Chinese name
fields is a JSON array string where each object contains the following properties:
- name (String, Required): Field name (Minimum 1 to maximum 50 characters)
- display_name (String, Required): Display name (Minimum 1 to maximum 50 characters)
- display_name_trans (Object, Optional): Display name for each locale
- type (String, Required): Field type
- One of the following:
DATE,STRING,IP,PORT,SHORT,INT,LONG,COUNTRY,FLOAT,DOUBLE,BOOL,MD5,SHA1,URL,SHA256,DOMAIN
- One of the following:
- ordinal (32-bit integer, Optional): Field order
Success Response
{
"code": "ping"
}
Error Responses
No privilege to create a log schema
HTTP status code 500
{
"error_code": "illegal-state",
"error_msg": "no-permission"
}
Required argument is missing
HTTP status code 400
{
"error_code": "null-argument",
"error_msg": "code should be not null"
}
Invalid argument length
HTTP status code 400
{
"error_code": "invalid-argument",
"error_msg": "'code' must be less than or equal to 50 characters."
}
Duplicated log schema ID
HTTP status code 500
{
"error_code": "illegal-state",
"error_msg": "duplicated log schema code: ping"
}
Field validation errors
HTTP status code 400
Field name is missing:
{
"error_code": "null-argument",
"error_msg": "'fields.name' should be not null"
}
Field display name is missing:
{
"error_code": "null-argument",
"error_msg": "'fields.display_name' should be not null"
}
Field type is missing:
{
"error_code": "null-argument",
"error_msg": "'fields.type' should be string type."
}
Invalid field type:
{
"error_code": "invalid-argument",
"error_msg": "'fields.type' should be one of DATE, STRING, IP, PORT, SHORT, INT, LONG, COUNTRY, FLOAT, DOUBLE, BOOL, MD5, SHA1, URL, SHA256, DOMAIN"
}
Field name length is invalid:
{
"error_code": "invalid-argument",
"error_msg": "'fields.name' must be shorter than or equal to 50 characters."
}