Console
    Contact Us Start free

    REST Resource: projects.locations.instances.logTypes

    Resource: LogType

    A Log type represents a data label for data customers send to Chronicle.

    JSON representation 
     { 
 "name" 
 : 
 string 
 , 
 "customLogTypeLabel" 
 : 
 string 
 , 
 "displayName" 
 : 
 string 
 , 
 "golden" 
 : 
 boolean 
 , 
 "productSource" 
 : 
 string 
 , 
 "isCustom" 
 : 
 boolean 
 , 
 "hasCustomParser" 
 : 
 boolean 
 , 
 "lastIngestedTime" 
 : 
 string 
 , 
 "feedCount" 
 : 
 integer 
 , 
 "parserType" 
 : 
 enum (  ParserType 
 
) 
 }
    Fields
    name

    string

    Output only. The resource name of this log type. Format: projects/{project}/locations/{region}/instances/{instance}/logTypes/{logType}
    customLogTypeLabel

    string

    Output only. the custom log type label
    displayName

    string

    Required. The display name of this log type. This is the tag used in YARA-l rules and search queries.
    golden

    boolean

    Output only. Whether a LogType is a 'Golden' log type or not. LogTypes that support rapid customer onboarding are considered 'Golden' log types.
    productSource

    string

    Required. This is what users see in the UI to identify the logtype while creating feed.
    isCustom

    boolean

    Required. Whether the log type is custom or globally available.
    hasCustomParser

    boolean

    Required. The log type could be custom logtype but still be using prebuilt parser. If this is set to true that means that there is a custom parser for this log type. ( deprecated )
    lastIngestedTime

    string ( Timestamp format)

    Required. The last time the log type was ingested.

    Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .
    feedCount

    integer

    Required. The number of feeds that are ingested for this log type.
    parserType

    enum ( ParserType )

    Required. The type of parser used for this log type. (custom/prebuilt/-)

    ParserType

    enum for getting a ParserType.

    Enums
    PARSER_TYPE_UNSPECIFIED Unspecified parser type.
    CUSTOM_PARSER Custom parser.
    PREBUILT_PARSER Prebuilt parser.

    Methods

    create

    		Create LogType.

    generateEventTypesSuggestions

    		GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.

    getLogTypeSetting

    		Gets a LogTypeSetting.

    legacySubmitParserExtension

    		LegacySubmitParserExtension creates validates and then makes the extension live.

    list

    		Lists all LogTypes.

    runParser

    		RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.

    updateLogTypeSetting

    		UpdateLogTypeSetting updates the log type setting for a log type.
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: