Get Log Schema
Retrieves data structure for a specified log schema.
Required Permissions
Requires the MEMBER role or higher.
HTTP Request
GET /api/sonar/log-schemas/:code
cURL Example
curl -H "Authorization: Bearer <API_KEY>" \
     https://HOSTNAME/api/sonar/log-schemas/session
Request Parameter
| Key | Required | Type | Description | Note |
|---|---|---|---|---|
| code | O | String | Log schema code | |
Success Response
Below is an example of retrieving the session log schema.
{
  "schema": {
    "code": "session",
    "name": "Session",
    "description": "Firewall traffic or flow log.",
    "created": "2022-09-01 00:31:13+0900",
    "fields": [
      {
        "name": "_time",
        "display_name": "Time",
        "type": "DATE",
        "ordinal": 1
      },
      {
        "name": "src_ip",
        "display_name": "Source IP",
        "type": "IP",
        "ordinal": 2
      },
      {
        "name": "src_port",
        "display_name": "Source Port",
        "type": "PORT",
        "ordinal": 3
      },
      {
        "name": "dst_ip",
        "display_name": "Destination IP",
        "type": "IP",
        "ordinal": 4
      },
      {
        "name": "dst_port",
        "display_name": "Destination Port",
        "type": "PORT",
        "ordinal": 5
      },
      {
        "name": "protocol",
        "display_name": "Protocol",
        "type": "STRING",
        "ordinal": 6
      },
      {
        "name": "app",
        "display_name": "App",
        "type": "STRING",
        "ordinal": 7
      },
      {
        "name": "action",
        "display_name": "Action",
        "type": "STRING",
        "ordinal": 8
      },
      {
        "name": "nat_src_ip",
        "display_name": "NAT Source IP",
        "type": "IP",
        "ordinal": 9
      },
      {
        "name": "nat_src_port",
        "display_name": "NAT Source Port",
        "type": "PORT",
        "ordinal": 10
      },
      {
        "name": "nat_dst_ip",
        "display_name": "NAT Destination IP",
        "type": "IP",
        "ordinal": 11
      },
      {
        "name": "nat_dst_port",
        "display_name": "NAT Destination Port",
        "type": "PORT",
        "ordinal": 12
      },
      {
        "name": "policy",
        "display_name": "Policy",
        "type": "STRING",
        "ordinal": 13
      },
      {
        "name": "duration",
        "display_name": "Duration",
        "type": "LONG",
        "ordinal": 14
      },
      {
        "name": "total_bytes",
        "display_name": "Bytes",
        "type": "STRING",
        "ordinal": 15
      },
      {
        "name": "total_pkts",
        "display_name": "Packets",
        "type": "STRING",
        "ordinal": 16
      },
      {
        "name": "sent_pkts",
        "display_name": "Sent Packets",
        "type": "LONG",
        "ordinal": 17
      },
      {
        "name": "rcvd_pkts",
        "display_name": "Received Packets",
        "type": "LONG",
        "ordinal": 18
      },
      {
        "name": "sent_bytes",
        "display_name": "Sent Bytes",
        "type": "LONG",
        "ordinal": 19
      },
      {
        "name": "rcvd_bytes",
        "display_name": "Received Bytes",
        "type": "LONG",
        "ordinal": 20
      },
      {
        "name": "src_country",
        "display_name": "Source Country",
        "type": "COUNTRY",
        "ordinal": 21
      },
      {
        "name": "dst_country",
        "display_name": "Destination Country",
        "type": "COUNTRY",
        "ordinal": 22
      }
    ]
  }
}
- schema (Map): Log schema definition
  - code (String): Code
  - name (String): Name
  - description (String): Description
  - created (String): Date and time of creation (yyyy-MM-dd HH:mm:ssZ)
  - fields (Array): List of normalized field definitions
    - name (String): Field name
    - display_name (String): Display name
    - type (String): Type. One of the following: DATE, STRING, IP, PORT, INT, LONG, DOUBLE, COUNTRY, MD5, SHA1, URL.
    - ordinal (32-bit integer): Field display order
Error Responses
Log schema is not found
HTTP status code 200
{
  "schema": null
}
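Added example, not part of the original documentation or the product's own code: a client-side handler for this response that treats the documented "schema": null body as a failure (the status code is still 200) and uses the field types to check a normalized record before it is used in a detection rule. The function names and the per-type validation rules are assumptions; the sample body is constructed from the session schema above.

```python
import ipaddress
import json

# Constructed sample: a trimmed, reordered copy of the session schema response above.
SAMPLE = json.dumps({"schema": {"code": "session", "fields": [
    {"name": "dst_port", "display_name": "Destination Port", "type": "PORT", "ordinal": 5},
    {"name": "src_ip", "display_name": "Source IP", "type": "IP", "ordinal": 2},
    {"name": "duration", "display_name": "Duration", "type": "LONG", "ordinal": 14},
    {"name": "total_bytes", "display_name": "Bytes", "type": "STRING", "ordinal": 15},
]}})
NOT_FOUND = '{"schema": null}'  # documented body for an unknown code (HTTP 200)


def field_types(body):
    """Return {field name: type} in display order; raise if the schema is missing."""
    schema = json.loads(body).get("schema")
    if schema is None:
        # The status code is 200 in this case, so the body is the only failure signal.
        raise LookupError("log schema not found")
    ordered = sorted(schema["fields"], key=lambda f: f["ordinal"])
    return {f["name"]: f["type"] for f in ordered}


def _is_ip(v):
    try:
        return isinstance(v, str) and ipaddress.ip_address(v) is not None
    except ValueError:
        return False


def _is_int(v):
    return isinstance(v, int) and not isinstance(v, bool)


# Checks for five of the documented types. The page does not say how the product
# validates values, so these rules are assumptions; other types are not checked.
CHECKS = {
    "IP": _is_ip,
    "PORT": lambda v: _is_int(v) and 0 <= v <= 65535,
    "LONG": _is_int,
    "INT": _is_int,
    "STRING": lambda v: isinstance(v, str),
}


def invalid_fields(types, record):
    """Record fields that are unknown to the schema or fail their type check."""
    return [n for n, v in record.items()
            if n not in types or not CHECKS.get(types[n], lambda _: True)(v)]
```

In the session schema total_bytes and total_pkts are typed STRING while sent_bytes and rcvd_bytes are LONG, so a rule that compares byte counts numerically should read the type from the schema rather than assume it.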