Create Parser
Create a new parser. Cluster administrator privileges are required to call this API.
Required Permissions
Requires the ADMIN role or higher.
HTTP Request
POST /api/sonar/parsers
cURL Example
curl -H "Authorization: Bearer <API_KEY>" \
-d code=test \
-d name=Test \
-d factory_name=fortigate \
-d configs='{"ver":"2"}' \
-X POST \
https://HOSTNAME/api/sonar/parsers
Request Parameters
| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| code | O | String | Parser code | Minimum 1 to maximum 50 characters |
| name | O | String | Parser display name | Minimum 1 to maximum 50 characters |
| factory_name | O | String | Parser factory name | |
| description | X | String | Parser description | Maximum 2,000 characters |
| schema_code | X | String | Log schema code | |
| configs | X | String key/value | List of configuration options | JSON format string |
Success Response
{}
Error Responses
Required argument is missing
HTTP status code 400
{
"error_code": "null-argument",
"error_msg": "code should be not null"
}
Invalid argument length
HTTP status code 400
{
"error_code": "invalid-argument",
"error_msg": "'code' must be less than or equal to 50 characters."
}
Duplicate parser code or name
HTTP status code 500
{
"error_code": "illegal-state",
"error_msg": "duplicated parser: foo"
}
Parser factory is not found
HTTP status code 500
{
"error_code": "illegal-state",
"error_msg": "parser factory not found: unknown"
}
Schema is not found
HTTP status code 500
{
"error_code": "illegal-state",
"error_msg": "schema not found: unknown"
}
Invalid configuration value
HTTP status code 400
{
"error_code": "invalid-argument",
"error_msg": "parser config [query] should be not null"
}
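Python Example (added)
The same request built in Python, as an added example that is not part of the original API reference or the vendor's code. It applies the length limits from the Request Parameters table before anything is sent, serialises configs with json.dumps instead of shell quoting, and formats the documented error bodies. The function names are assumptions made for this example; the form encoding is the one curl -d produces.

```python
import json
import urllib.parse
import urllib.request

# Length limits taken from the Request Parameters table above.
LIMITS = {"code": (1, 50), "name": (1, 50), "description": (0, 2000)}


def build_parser_form(code, name, factory_name, description=None,
                      schema_code=None, configs=None):
    """Validate arguments client-side and return the url-encoded form body."""
    fields = {"code": code, "name": name, "factory_name": factory_name,
              "description": description, "schema_code": schema_code}
    for key in ("code", "name", "factory_name"):
        if not fields[key]:
            raise ValueError(f"{key} is required")
    for key, (lo, hi) in LIMITS.items():
        value = fields[key]
        if value is not None and not lo <= len(value) <= hi:
            raise ValueError(f"{key} must be {lo} to {hi} characters")
    if configs is not None:
        # configs is sent as a single JSON string; json.dumps does the quoting
        # so no shell or hand-written escaping is involved.
        fields["configs"] = json.dumps(configs, separators=(",", ":"))
    present = {k: v for k, v in fields.items() if v is not None}
    return urllib.parse.urlencode(present).encode("utf-8")


def create_parser_request(hostname, api_key, **params):
    """Build (without sending) the POST request for /api/sonar/parsers."""
    return urllib.request.Request(
        f"https://{hostname}/api/sonar/parsers",
        data=build_parser_form(**params),
        headers={"Authorization": f"Bearer {api_key}"},
        method="POST",
    )


def describe_error(status, body):
    """Summarise an error response body as one line for logs."""
    err = json.loads(body)
    return f"HTTP {status} {err.get('error_code')}: {err.get('error_msg')}"
```

Pass the returned request to urllib.request.urlopen to send it, and read the API key from an environment variable or secret store rather than the command line.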