diff --git a/.generator/schemas/v1/openapi.yaml b/.generator/schemas/v1/openapi.yaml index c84d61cfe740..416eca61272e 100644 --- a/.generator/schemas/v1/openapi.yaml +++ b/.generator/schemas/v1/openapi.yaml @@ -6331,6 +6331,7 @@ components: - $ref: '#/components/schemas/LogsSpanRemapper' - $ref: '#/components/schemas/LogsArrayProcessor' - $ref: '#/components/schemas/LogsDecoderProcessor' + - $ref: '#/components/schemas/LogsSchemaProcessor' LogsQueryCompute: description: Define computation for a log query. properties: @@ -6392,6 +6393,243 @@ components: periods. type: string type: object + LogsSchemaCategoryMapper: + description: "Use the Schema Category Mapper to categorize log event into enum + fields.\nIn the case of OCSF, they can be used to map sibling fields which + are composed of an ID and a name.\n\n**Notes**:\n\n- The syntax of the query + is the one of Logs Explorer search bar.\n The query can be done on any log + attribute or tag, whether it is a facet or not.\n Wildcards can also be used + inside your query.\n- Categories are executed in order and processing stops + at the first match.\n Make sure categories are properly ordered in case a + log could match multiple queries.\n- Sibling fields always have a numerical + ID field and a human-readable string name.\n- A fallback section handles cases + where the name or ID value matches a specific value.\n If the name matches + \"Other\" or the ID matches 99, the value of the sibling name field will be + pulled from a source field from the original log." + properties: + categories: + description: 'Array of filters to match or not a log and their + + corresponding `name` to assign a custom value to the log.' + example: + - filter: + query: '@eventName:(ConsoleLogin OR ExternalIdPDirectoryLogin OR UserAuthentication + OR Authenticate)' + id: 1 + name: Logon + - filter: + query: '@eventName:*' + id: 99 + name: Other + items: + $ref: '#/components/schemas/LogsSchemaCategoryMapperCategory' + type: array + fallback: + $ref: '#/components/schemas/LogsSchemaCategoryMapperFallback' + name: + description: Name of the logs schema category mapper. + example: activity_id and activity_name + type: string + targets: + $ref: '#/components/schemas/LogsSchemaCategoryMapperTargets' + type: + $ref: '#/components/schemas/LogsSchemaCategoryMapperType' + required: + - categories + - targets + - type + - name + type: object + LogsSchemaCategoryMapperCategory: + description: Object describing the logs filter with corresponding category ID + and name assignment. + properties: + filter: + $ref: '#/components/schemas/LogsFilter' + id: + description: ID to inject into the category. + example: 1 + format: int64 + type: integer + name: + description: Value to assign to target schema field. + example: Password Change + type: string + required: + - filter + - id + - name + type: object + LogsSchemaCategoryMapperFallback: + description: Used to override hardcoded category values with a value pulled + from a source attribute on the log. + properties: + sources: + additionalProperties: + items: + type: string + type: array + description: Fallback sources used to populate value of field. + example: {} + type: object + values: + additionalProperties: + type: string + description: Values that define when the fallback is used. + example: {} + type: object + type: object + LogsSchemaCategoryMapperTargets: + description: Name of the target attributes which value is defined by the matching + category. + properties: + id: + description: ID of the field to map log attributes to. + example: ocsf.activity_id + type: string + name: + description: Name of the field to map log attributes to. + example: ocsf.activity_name + type: string + type: object + LogsSchemaCategoryMapperType: + description: Type of logs schema category mapper. + enum: + - schema-category-mapper + example: schema-category-mapper + type: string + x-enum-varnames: + - SCHEMA_CATEGORY_MAPPER + LogsSchemaData: + description: Configuration of the schema data to use. + properties: + class_name: + description: Class name of the schema to use. + example: Account Change + type: string + class_uid: + description: Class UID of the schema to use. + example: 3001 + format: int64 + type: integer + profiles: + description: Optional list of profiles to modify the schema. + example: + - security_control + - host + items: + type: string + type: array + schema_type: + description: Type of schema to use. + example: ocsf + type: string + version: + description: Version of the schema to use. + example: 1.5.0 + type: string + required: + - schema_type + - version + - class_uid + - class_name + type: object + LogsSchemaMapper: + description: Configuration of the schema processor mapper to use. + oneOf: + - $ref: '#/components/schemas/LogsSchemaRemapper' + - $ref: '#/components/schemas/LogsSchemaCategoryMapper' + LogsSchemaProcessor: + description: A processor that has additional validations and checks for a given + schema. Currently supported schema types include OCSF. + properties: + is_enabled: + default: false + description: Whether or not the processor is enabled. + type: boolean + mappers: + description: The `LogsSchemaProcessor` `mappers`. + example: + - name: Map userIdentity to ocsf.user.uid + sources: + - userIdentity.principalId + target: ocsf.user.uid + type: schema-remapper + items: + $ref: '#/components/schemas/LogsSchemaMapper' + type: array + name: + description: Name of the processor. + example: Map additionalEventData.LoginTo to ocsf.dst_endpoint.svc_name + type: string + schema: + $ref: '#/components/schemas/LogsSchemaData' + type: + $ref: '#/components/schemas/LogsSchemaProcessorType' + required: + - name + - mappers + - type + - schema + type: object + LogsSchemaProcessorType: + default: schema-processor + description: Type of logs schema processor. + enum: + - schema-processor + example: schema-processor + type: string + x-enum-varnames: + - SCHEMA_PROCESSOR + LogsSchemaRemapper: + description: The schema remapper maps source log fields to their correct fields. + properties: + name: + description: Name of the logs schema remapper. + example: Map userIdentity.principalId, responseElements.role.roleId, responseElements.user.userId + to ocsf.user.uid + type: string + override_on_conflict: + default: false + description: Override or not the target element if already set. + type: boolean + preserve_source: + default: false + description: Remove or preserve the remapped source element. + type: boolean + sources: + description: Array of source attributes. + example: + - userIdentity.principalId + - responseElements.role.roleId + - responseElements.user.userId + items: + description: Attribute used as a source to remap its value to the target + attribute. + type: string + type: array + target: + description: Target field to map log source field to. + example: ocsf.user.uid + type: string + target_format: + $ref: '#/components/schemas/TargetFormatType' + type: + $ref: '#/components/schemas/LogsSchemaRemapperType' + required: + - name + - sources + - target + - type + type: object + LogsSchemaRemapperType: + description: Type of logs schema remapper. + enum: + - schema-remapper + example: schema-remapper + type: string + x-enum-varnames: + - SCHEMA_REMAPPER LogsServiceRemapper: description: 'Use this processor if you want to assign one or more attributes as the official service. diff --git a/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-false-returns-OK-response_4156521119/frozen.json b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-false-returns-OK-response_4156521119/frozen.json new file mode 100644 index 000000000000..5e51551bbb81 --- /dev/null +++ b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-false-returns-OK-response_4156521119/frozen.json @@ -0,0 +1 @@ +"2025-10-22T19:11:58.774Z" diff --git a/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-false-returns-OK-response_4156521119/recording.har b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-false-returns-OK-response_4156521119/recording.har new file mode 100644 index 000000000000..fcbf55ec19bd --- /dev/null +++ b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-false-returns-OK-response_4156521119/recording.har @@ -0,0 +1,110 @@ +{ + "log": { + "_recordingName": "Logs Pipelines/Create a pipeline with Schema Processor and preserve_source false returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "98435b4b38f66ccde06a72100d3c817d", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 3314, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 575, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"filter\":{\"query\":\"source:python\"},\"name\":\"testSchemaProcessor\",\"processors\":[{\"is_enabled\":true,\"mappers\":[{\"categories\":[{\"filter\":{\"query\":\"@eventName:(*Create*)\"},\"id\":1,\"name\":\"Create\"},{\"filter\":{\"query\":\"@eventName:(ChangePassword OR PasswordUpdated)\"},\"id\":3,\"name\":\"Password Change\"},{\"filter\":{\"query\":\"@eventName:(*Attach*)\"},\"id\":7,\"name\":\"Attach Policy\"},{\"filter\":{\"query\":\"@eventName:(*Detach* OR *Remove*)\"},\"id\":8,\"name\":\"Detach Policy\"},{\"filter\":{\"query\":\"@eventName:(*Delete*)\"},\"id\":6,\"name\":\"Delete\"},{\"filter\":{\"query\":\"@eventName:*\"},\"id\":99,\"name\":\"Other\"}],\"fallback\":{\"sources\":{\"ocsf.activity_name\":[\"eventName\"]},\"values\":{\"ocsf.activity_id\":\"99\",\"ocsf.activity_name\":\"Other\"}},\"name\":\"activity_id and activity_name\",\"targets\":{\"id\":\"ocsf.activity_id\",\"name\":\"ocsf.activity_name\"},\"type\":\"schema-category-mapper\"},{\"categories\":[{\"filter\":{\"query\":\"-@errorCode:*\"},\"id\":1,\"name\":\"Success\"},{\"filter\":{\"query\":\"@errorCode:*\"},\"id\":2,\"name\":\"Failure\"}],\"name\":\"status\",\"targets\":{\"id\":\"ocsf.status_id\",\"name\":\"ocsf.status\"},\"type\":\"schema-category-mapper\"},{\"categories\":[{\"filter\":{\"query\":\"@eventName:*\"},\"id\":1,\"name\":\"Informational\"}],\"name\":\"Set default severity\",\"targets\":{\"id\":\"ocsf.severity_id\",\"name\":\"ocsf.severity\"},\"type\":\"schema-category-mapper\"},{\"name\":\"Map userIdentity to ocsf.user.uid\",\"preserve_source\":false,\"sources\":[\"userIdentity.principalId\",\"responseElements.role.roleId\",\"responseElements.user.userId\"],\"target\":\"ocsf.user.uid\",\"type\":\"schema-remapper\"},{\"name\":\"Map userName to ocsf.user.name\",\"preserve_source\":false,\"sources\":[\"requestParameters.userName\",\"responseElements.role.roleName\",\"requestParameters.roleName\",\"responseElements.user.userName\"],\"target\":\"ocsf.user.name\",\"type\":\"schema-remapper\"},{\"name\":\"Map api to ocsf.api\",\"preserve_source\":false,\"sources\":[\"api\"],\"target\":\"ocsf.api\",\"type\":\"schema-remapper\"},{\"name\":\"Map user to ocsf.user\",\"preserve_source\":false,\"sources\":[\"user\"],\"target\":\"ocsf.user\",\"type\":\"schema-remapper\"},{\"name\":\"Map actor to ocsf.actor\",\"preserve_source\":false,\"sources\":[\"actor\"],\"target\":\"ocsf.actor\",\"type\":\"schema-remapper\"},{\"name\":\"Map cloud to ocsf.cloud\",\"preserve_source\":false,\"sources\":[\"cloud\"],\"target\":\"ocsf.cloud\",\"type\":\"schema-remapper\"},{\"name\":\"Map http_request to ocsf.http_request\",\"preserve_source\":false,\"sources\":[\"http_request\"],\"target\":\"ocsf.http_request\",\"type\":\"schema-remapper\"},{\"name\":\"Map metadata to ocsf.metadata\",\"preserve_source\":false,\"sources\":[\"metadata\"],\"target\":\"ocsf.metadata\",\"type\":\"schema-remapper\"},{\"name\":\"Map time to ocsf.time\",\"preserve_source\":false,\"sources\":[\"time\"],\"target\":\"ocsf.time\",\"type\":\"schema-remapper\"},{\"name\":\"Map src_endpoint to ocsf.src_endpoint\",\"preserve_source\":false,\"sources\":[\"src_endpoint\"],\"target\":\"ocsf.src_endpoint\",\"type\":\"schema-remapper\"},{\"name\":\"Map severity to ocsf.severity\",\"preserve_source\":false,\"sources\":[\"severity\"],\"target\":\"ocsf.severity\",\"type\":\"schema-remapper\"},{\"name\":\"Map severity_id to ocsf.severity_id\",\"preserve_source\":false,\"sources\":[\"severity_id\"],\"target\":\"ocsf.severity_id\",\"type\":\"schema-remapper\"}],\"name\":\"Apply OCSF schema for 3001\",\"schema\":{\"class_name\":\"Account Change\",\"class_uid\":3001,\"profiles\":[\"cloud\",\"datetime\"],\"schema_type\":\"ocsf\",\"version\":\"1.5.0\"},\"type\":\"schema-processor\"}],\"tags\":[]}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v1/logs/config/pipelines" + }, + "response": { + "bodySize": 3843, + "content": { + "mimeType": "application/json", + "size": 3843, + "text": "{\"id\":\"-qkKiJPYTne-113i8XJ_Nw\",\"type\":\"pipeline\",\"name\":\"testSchemaProcessor\",\"is_enabled\":false,\"is_read_only\":false,\"filter\":{\"query\":\"source:python\"},\"processors\":[{\"name\":\"Apply OCSF schema for 3001\",\"is_enabled\":true,\"mappers\":[{\"name\":\"activity_id and activity_name\",\"categories\":[{\"filter\":{\"query\":\"@eventName:(*Create*)\"},\"name\":\"Create\",\"id\":1},{\"filter\":{\"query\":\"@eventName:(ChangePassword OR PasswordUpdated)\"},\"name\":\"Password Change\",\"id\":3},{\"filter\":{\"query\":\"@eventName:(*Attach*)\"},\"name\":\"Attach Policy\",\"id\":7},{\"filter\":{\"query\":\"@eventName:(*Detach* OR *Remove*)\"},\"name\":\"Detach Policy\",\"id\":8},{\"filter\":{\"query\":\"@eventName:(*Delete*)\"},\"name\":\"Delete\",\"id\":6},{\"filter\":{\"query\":\"@eventName:*\"},\"name\":\"Other\",\"id\":99}],\"targets\":{\"name\":\"ocsf.activity_name\",\"id\":\"ocsf.activity_id\"},\"fallback\":{\"values\":{\"ocsf.activity_id\":\"99\",\"ocsf.activity_name\":\"Other\"},\"sources\":{\"ocsf.activity_name\":[\"eventName\"]}},\"type\":\"schema-category-mapper\"},{\"name\":\"status\",\"categories\":[{\"filter\":{\"query\":\"-@errorCode:*\"},\"name\":\"Success\",\"id\":1},{\"filter\":{\"query\":\"@errorCode:*\"},\"name\":\"Failure\",\"id\":2}],\"targets\":{\"name\":\"ocsf.status\",\"id\":\"ocsf.status_id\"},\"fallback\":{\"values\":{},\"sources\":{}},\"type\":\"schema-category-mapper\"},{\"name\":\"Set default severity\",\"categories\":[{\"filter\":{\"query\":\"@eventName:*\"},\"name\":\"Informational\",\"id\":1}],\"targets\":{\"name\":\"ocsf.severity\",\"id\":\"ocsf.severity_id\"},\"fallback\":{\"values\":{},\"sources\":{}},\"type\":\"schema-category-mapper\"},{\"name\":\"Map userIdentity to ocsf.user.uid\",\"sources\":[\"userIdentity.principalId\",\"responseElements.role.roleId\",\"responseElements.user.userId\"],\"target\":\"ocsf.user.uid\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map userName to ocsf.user.name\",\"sources\":[\"requestParameters.userName\",\"responseElements.role.roleName\",\"requestParameters.roleName\",\"responseElements.user.userName\"],\"target\":\"ocsf.user.name\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map api to ocsf.api\",\"sources\":[\"api\"],\"target\":\"ocsf.api\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map user to ocsf.user\",\"sources\":[\"user\"],\"target\":\"ocsf.user\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map actor to ocsf.actor\",\"sources\":[\"actor\"],\"target\":\"ocsf.actor\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map cloud to ocsf.cloud\",\"sources\":[\"cloud\"],\"target\":\"ocsf.cloud\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map http_request to ocsf.http_request\",\"sources\":[\"http_request\"],\"target\":\"ocsf.http_request\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map metadata to ocsf.metadata\",\"sources\":[\"metadata\"],\"target\":\"ocsf.metadata\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map time to ocsf.time\",\"sources\":[\"time\"],\"target\":\"ocsf.time\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map src_endpoint to ocsf.src_endpoint\",\"sources\":[\"src_endpoint\"],\"target\":\"ocsf.src_endpoint\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map severity to ocsf.severity\",\"sources\":[\"severity\"],\"target\":\"ocsf.severity\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map severity_id to ocsf.severity_id\",\"sources\":[\"severity_id\"],\"target\":\"ocsf.severity_id\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"}],\"schema\":{\"schema_type\":\"ocsf\",\"version\":\"1.5.0\",\"class_name\":\"Account Change\",\"class_uid\":3001,\"extensions\":[],\"profiles\":[\"cloud\",\"datetime\"]},\"type\":\"schema-processor\"}],\"tags\":[]}\n" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 703, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-10-22T19:11:58.776Z", + "time": 190 + }, + { + "_id": "b2bb1a967f84f27ff9e0bbf774a5d296", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + } + ], + "headersSize": 533, + "httpVersion": "HTTP/1.1", + "method": "DELETE", + "queryString": [], + "url": "https://api.datadoghq.com/api/v1/logs/config/pipelines/-qkKiJPYTne-113i8XJ_Nw" + }, + "response": { + "bodySize": 3, + "content": { + "mimeType": "application/json", + "size": 3, + "text": "{}\n" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 677, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-10-22T19:11:58.972Z", + "time": 217 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-true-returns-OK-response_2340010008/frozen.json b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-true-returns-OK-response_2340010008/frozen.json new file mode 100644 index 000000000000..51595862d07d --- /dev/null +++ b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-true-returns-OK-response_2340010008/frozen.json @@ -0,0 +1 @@ +"2025-10-22T19:11:59.195Z" diff --git a/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-true-returns-OK-response_2340010008/recording.har b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-true-returns-OK-response_2340010008/recording.har new file mode 100644 index 000000000000..cb19f8137b50 --- /dev/null +++ b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-Schema-Processor-and-preserve_source-true-returns-OK-response_2340010008/recording.har @@ -0,0 +1,110 @@ +{ + "log": { + "_recordingName": "Logs Pipelines/Create a pipeline with Schema Processor and preserve_source true returns \"OK\" response", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "e3a75d25782f2b47b606e5adef07a8eb", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 3302, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 575, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"filter\":{\"query\":\"source:python\"},\"name\":\"testSchemaProcessor\",\"processors\":[{\"is_enabled\":true,\"mappers\":[{\"categories\":[{\"filter\":{\"query\":\"@eventName:(*Create*)\"},\"id\":1,\"name\":\"Create\"},{\"filter\":{\"query\":\"@eventName:(ChangePassword OR PasswordUpdated)\"},\"id\":3,\"name\":\"Password Change\"},{\"filter\":{\"query\":\"@eventName:(*Attach*)\"},\"id\":7,\"name\":\"Attach Policy\"},{\"filter\":{\"query\":\"@eventName:(*Detach* OR *Remove*)\"},\"id\":8,\"name\":\"Detach Policy\"},{\"filter\":{\"query\":\"@eventName:(*Delete*)\"},\"id\":6,\"name\":\"Delete\"},{\"filter\":{\"query\":\"@eventName:*\"},\"id\":99,\"name\":\"Other\"}],\"fallback\":{\"sources\":{\"ocsf.activity_name\":[\"eventName\"]},\"values\":{\"ocsf.activity_id\":\"99\",\"ocsf.activity_name\":\"Other\"}},\"name\":\"activity_id and activity_name\",\"targets\":{\"id\":\"ocsf.activity_id\",\"name\":\"ocsf.activity_name\"},\"type\":\"schema-category-mapper\"},{\"categories\":[{\"filter\":{\"query\":\"-@errorCode:*\"},\"id\":1,\"name\":\"Success\"},{\"filter\":{\"query\":\"@errorCode:*\"},\"id\":2,\"name\":\"Failure\"}],\"name\":\"status\",\"targets\":{\"id\":\"ocsf.status_id\",\"name\":\"ocsf.status\"},\"type\":\"schema-category-mapper\"},{\"categories\":[{\"filter\":{\"query\":\"@eventName:*\"},\"id\":1,\"name\":\"Informational\"}],\"name\":\"Set default severity\",\"targets\":{\"id\":\"ocsf.severity_id\",\"name\":\"ocsf.severity\"},\"type\":\"schema-category-mapper\"},{\"name\":\"Map userIdentity to ocsf.user.uid\",\"preserve_source\":true,\"sources\":[\"userIdentity.principalId\",\"responseElements.role.roleId\",\"responseElements.user.userId\"],\"target\":\"ocsf.user.uid\",\"type\":\"schema-remapper\"},{\"name\":\"Map userName to ocsf.user.name\",\"preserve_source\":true,\"sources\":[\"requestParameters.userName\",\"responseElements.role.roleName\",\"requestParameters.roleName\",\"responseElements.user.userName\"],\"target\":\"ocsf.user.name\",\"type\":\"schema-remapper\"},{\"name\":\"Map api to ocsf.api\",\"preserve_source\":true,\"sources\":[\"api\"],\"target\":\"ocsf.api\",\"type\":\"schema-remapper\"},{\"name\":\"Map user to ocsf.user\",\"preserve_source\":true,\"sources\":[\"user\"],\"target\":\"ocsf.user\",\"type\":\"schema-remapper\"},{\"name\":\"Map actor to ocsf.actor\",\"preserve_source\":true,\"sources\":[\"actor\"],\"target\":\"ocsf.actor\",\"type\":\"schema-remapper\"},{\"name\":\"Map cloud to ocsf.cloud\",\"preserve_source\":true,\"sources\":[\"cloud\"],\"target\":\"ocsf.cloud\",\"type\":\"schema-remapper\"},{\"name\":\"Map http_request to ocsf.http_request\",\"preserve_source\":true,\"sources\":[\"http_request\"],\"target\":\"ocsf.http_request\",\"type\":\"schema-remapper\"},{\"name\":\"Map metadata to ocsf.metadata\",\"preserve_source\":true,\"sources\":[\"metadata\"],\"target\":\"ocsf.metadata\",\"type\":\"schema-remapper\"},{\"name\":\"Map time to ocsf.time\",\"preserve_source\":true,\"sources\":[\"time\"],\"target\":\"ocsf.time\",\"type\":\"schema-remapper\"},{\"name\":\"Map src_endpoint to ocsf.src_endpoint\",\"preserve_source\":true,\"sources\":[\"src_endpoint\"],\"target\":\"ocsf.src_endpoint\",\"type\":\"schema-remapper\"},{\"name\":\"Map severity to ocsf.severity\",\"preserve_source\":true,\"sources\":[\"severity\"],\"target\":\"ocsf.severity\",\"type\":\"schema-remapper\"},{\"name\":\"Map severity_id to ocsf.severity_id\",\"preserve_source\":true,\"sources\":[\"severity_id\"],\"target\":\"ocsf.severity_id\",\"type\":\"schema-remapper\"}],\"name\":\"Apply OCSF schema for 3001\",\"schema\":{\"class_name\":\"Account Change\",\"class_uid\":3001,\"profiles\":[\"cloud\",\"datetime\"],\"schema_type\":\"ocsf\",\"version\":\"1.5.0\"},\"type\":\"schema-processor\"}],\"tags\":[]}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v1/logs/config/pipelines" + }, + "response": { + "bodySize": 3831, + "content": { + "mimeType": "application/json", + "size": 3831, + "text": "{\"id\":\"ReEWRVSbQ-ersoCn0Ibo6g\",\"type\":\"pipeline\",\"name\":\"testSchemaProcessor\",\"is_enabled\":false,\"is_read_only\":false,\"filter\":{\"query\":\"source:python\"},\"processors\":[{\"name\":\"Apply OCSF schema for 3001\",\"is_enabled\":true,\"mappers\":[{\"name\":\"activity_id and activity_name\",\"categories\":[{\"filter\":{\"query\":\"@eventName:(*Create*)\"},\"name\":\"Create\",\"id\":1},{\"filter\":{\"query\":\"@eventName:(ChangePassword OR PasswordUpdated)\"},\"name\":\"Password Change\",\"id\":3},{\"filter\":{\"query\":\"@eventName:(*Attach*)\"},\"name\":\"Attach Policy\",\"id\":7},{\"filter\":{\"query\":\"@eventName:(*Detach* OR *Remove*)\"},\"name\":\"Detach Policy\",\"id\":8},{\"filter\":{\"query\":\"@eventName:(*Delete*)\"},\"name\":\"Delete\",\"id\":6},{\"filter\":{\"query\":\"@eventName:*\"},\"name\":\"Other\",\"id\":99}],\"targets\":{\"name\":\"ocsf.activity_name\",\"id\":\"ocsf.activity_id\"},\"fallback\":{\"values\":{\"ocsf.activity_id\":\"99\",\"ocsf.activity_name\":\"Other\"},\"sources\":{\"ocsf.activity_name\":[\"eventName\"]}},\"type\":\"schema-category-mapper\"},{\"name\":\"status\",\"categories\":[{\"filter\":{\"query\":\"-@errorCode:*\"},\"name\":\"Success\",\"id\":1},{\"filter\":{\"query\":\"@errorCode:*\"},\"name\":\"Failure\",\"id\":2}],\"targets\":{\"name\":\"ocsf.status\",\"id\":\"ocsf.status_id\"},\"fallback\":{\"values\":{},\"sources\":{}},\"type\":\"schema-category-mapper\"},{\"name\":\"Set default severity\",\"categories\":[{\"filter\":{\"query\":\"@eventName:*\"},\"name\":\"Informational\",\"id\":1}],\"targets\":{\"name\":\"ocsf.severity\",\"id\":\"ocsf.severity_id\"},\"fallback\":{\"values\":{},\"sources\":{}},\"type\":\"schema-category-mapper\"},{\"name\":\"Map userIdentity to ocsf.user.uid\",\"sources\":[\"userIdentity.principalId\",\"responseElements.role.roleId\",\"responseElements.user.userId\"],\"target\":\"ocsf.user.uid\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map userName to ocsf.user.name\",\"sources\":[\"requestParameters.userName\",\"responseElements.role.roleName\",\"requestParameters.roleName\",\"responseElements.user.userName\"],\"target\":\"ocsf.user.name\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map api to ocsf.api\",\"sources\":[\"api\"],\"target\":\"ocsf.api\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map user to ocsf.user\",\"sources\":[\"user\"],\"target\":\"ocsf.user\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map actor to ocsf.actor\",\"sources\":[\"actor\"],\"target\":\"ocsf.actor\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map cloud to ocsf.cloud\",\"sources\":[\"cloud\"],\"target\":\"ocsf.cloud\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map http_request to ocsf.http_request\",\"sources\":[\"http_request\"],\"target\":\"ocsf.http_request\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map metadata to ocsf.metadata\",\"sources\":[\"metadata\"],\"target\":\"ocsf.metadata\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map time to ocsf.time\",\"sources\":[\"time\"],\"target\":\"ocsf.time\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map src_endpoint to ocsf.src_endpoint\",\"sources\":[\"src_endpoint\"],\"target\":\"ocsf.src_endpoint\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map severity to ocsf.severity\",\"sources\":[\"severity\"],\"target\":\"ocsf.severity\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map severity_id to ocsf.severity_id\",\"sources\":[\"severity_id\"],\"target\":\"ocsf.severity_id\",\"preserve_source\":true,\"override_on_conflict\":false,\"type\":\"schema-remapper\"}],\"schema\":{\"schema_type\":\"ocsf\",\"version\":\"1.5.0\",\"class_name\":\"Account Change\",\"class_uid\":3001,\"extensions\":[],\"profiles\":[\"cloud\",\"datetime\"]},\"type\":\"schema-processor\"}],\"tags\":[]}\n" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 703, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-10-22T19:11:59.198Z", + "time": 172 + }, + { + "_id": "90ae866a67bd68427b9e79f26788873e", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + } + ], + "headersSize": 533, + "httpVersion": "HTTP/1.1", + "method": "DELETE", + "queryString": [], + "url": "https://api.datadoghq.com/api/v1/logs/config/pipelines/ReEWRVSbQ-ersoCn0Ibo6g" + }, + "response": { + "bodySize": 3, + "content": { + "mimeType": "application/json", + "size": 3, + "text": "{}\n" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 677, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-10-22T19:11:59.377Z", + "time": 226 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-schema-processor_3313991131/frozen.json b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-schema-processor_3313991131/frozen.json new file mode 100644 index 000000000000..6df20fdd2807 --- /dev/null +++ b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-schema-processor_3313991131/frozen.json @@ -0,0 +1 @@ +"2025-10-22T19:12:00.030Z" diff --git a/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-schema-processor_3313991131/recording.har b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-schema-processor_3313991131/recording.har new file mode 100644 index 000000000000..f07206c92d5f --- /dev/null +++ b/cassettes/v1/Logs-Pipelines_3794283453/Create-a-pipeline-with-schema-processor_3313991131/recording.har @@ -0,0 +1,110 @@ +{ + "log": { + "_recordingName": "Logs Pipelines/Create a pipeline with schema processor", + "creator": { + "comment": "persister:fs", + "name": "Polly.JS", + "version": "6.0.5" + }, + "entries": [ + { + "_id": "6426e129050ea85b56f48ca515bfbcc8", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 3026, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "application/json" + }, + { + "_fromType": "array", + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 575, + "httpVersion": "HTTP/1.1", + "method": "POST", + "postData": { + "mimeType": "application/json", + "params": [], + "text": "{\"filter\":{\"query\":\"source:python\"},\"name\":\"testSchemaProcessor\",\"processors\":[{\"is_enabled\":true,\"mappers\":[{\"categories\":[{\"filter\":{\"query\":\"@eventName:(*Create*)\"},\"id\":1,\"name\":\"Create\"},{\"filter\":{\"query\":\"@eventName:(ChangePassword OR PasswordUpdated)\"},\"id\":3,\"name\":\"Password Change\"},{\"filter\":{\"query\":\"@eventName:(*Attach*)\"},\"id\":7,\"name\":\"Attach Policy\"},{\"filter\":{\"query\":\"@eventName:(*Detach* OR *Remove*)\"},\"id\":8,\"name\":\"Detach Policy\"},{\"filter\":{\"query\":\"@eventName:(*Delete*)\"},\"id\":6,\"name\":\"Delete\"},{\"filter\":{\"query\":\"@eventName:*\"},\"id\":99,\"name\":\"Other\"}],\"fallback\":{\"sources\":{\"ocsf.activity_name\":[\"eventName\"]},\"values\":{\"ocsf.activity_id\":\"99\",\"ocsf.activity_name\":\"Other\"}},\"name\":\"activity_id and activity_name\",\"targets\":{\"id\":\"ocsf.activity_id\",\"name\":\"ocsf.activity_name\"},\"type\":\"schema-category-mapper\"},{\"categories\":[{\"filter\":{\"query\":\"-@errorCode:*\"},\"id\":1,\"name\":\"Success\"},{\"filter\":{\"query\":\"@errorCode:*\"},\"id\":2,\"name\":\"Failure\"}],\"name\":\"status\",\"targets\":{\"id\":\"ocsf.status_id\",\"name\":\"ocsf.status\"},\"type\":\"schema-category-mapper\"},{\"categories\":[{\"filter\":{\"query\":\"@eventName:*\"},\"id\":1,\"name\":\"Informational\"}],\"name\":\"Set default severity\",\"targets\":{\"id\":\"ocsf.severity_id\",\"name\":\"ocsf.severity\"},\"type\":\"schema-category-mapper\"},{\"name\":\"Map userIdentity to ocsf.user.uid\",\"sources\":[\"userIdentity.principalId\",\"responseElements.role.roleId\",\"responseElements.user.userId\"],\"target\":\"ocsf.user.uid\",\"type\":\"schema-remapper\"},{\"name\":\"Map userName to ocsf.user.name\",\"sources\":[\"requestParameters.userName\",\"responseElements.role.roleName\",\"requestParameters.roleName\",\"responseElements.user.userName\"],\"target\":\"ocsf.user.name\",\"type\":\"schema-remapper\"},{\"name\":\"Map api to ocsf.api\",\"sources\":[\"api\"],\"target\":\"ocsf.api\",\"type\":\"schema-remapper\"},{\"name\":\"Map user to ocsf.user\",\"sources\":[\"user\"],\"target\":\"ocsf.user\",\"type\":\"schema-remapper\"},{\"name\":\"Map actor to ocsf.actor\",\"sources\":[\"actor\"],\"target\":\"ocsf.actor\",\"type\":\"schema-remapper\"},{\"name\":\"Map cloud to ocsf.cloud\",\"sources\":[\"cloud\"],\"target\":\"ocsf.cloud\",\"type\":\"schema-remapper\"},{\"name\":\"Map http_request to ocsf.http_request\",\"sources\":[\"http_request\"],\"target\":\"ocsf.http_request\",\"type\":\"schema-remapper\"},{\"name\":\"Map metadata to ocsf.metadata\",\"sources\":[\"metadata\"],\"target\":\"ocsf.metadata\",\"type\":\"schema-remapper\"},{\"name\":\"Map time to ocsf.time\",\"sources\":[\"time\"],\"target\":\"ocsf.time\",\"type\":\"schema-remapper\"},{\"name\":\"Map src_endpoint to ocsf.src_endpoint\",\"sources\":[\"src_endpoint\"],\"target\":\"ocsf.src_endpoint\",\"type\":\"schema-remapper\"},{\"name\":\"Map severity to ocsf.severity\",\"sources\":[\"severity\"],\"target\":\"ocsf.severity\",\"type\":\"schema-remapper\"},{\"name\":\"Map severity_id to ocsf.severity_id\",\"sources\":[\"severity_id\"],\"target\":\"ocsf.severity_id\",\"type\":\"schema-remapper\"}],\"name\":\"Apply OCSF schema for 3001\",\"schema\":{\"class_name\":\"Account Change\",\"class_uid\":3001,\"profiles\":[\"cloud\",\"datetime\"],\"schema_type\":\"ocsf\",\"version\":\"1.5.0\"},\"type\":\"schema-processor\"}],\"tags\":[]}" + }, + "queryString": [], + "url": "https://api.datadoghq.com/api/v1/logs/config/pipelines" + }, + "response": { + "bodySize": 3843, + "content": { + "mimeType": "application/json", + "size": 3843, + "text": "{\"id\":\"1unf0vMNQKSSwzsg6BuWMw\",\"type\":\"pipeline\",\"name\":\"testSchemaProcessor\",\"is_enabled\":false,\"is_read_only\":false,\"filter\":{\"query\":\"source:python\"},\"processors\":[{\"name\":\"Apply OCSF schema for 3001\",\"is_enabled\":true,\"mappers\":[{\"name\":\"activity_id and activity_name\",\"categories\":[{\"filter\":{\"query\":\"@eventName:(*Create*)\"},\"name\":\"Create\",\"id\":1},{\"filter\":{\"query\":\"@eventName:(ChangePassword OR PasswordUpdated)\"},\"name\":\"Password Change\",\"id\":3},{\"filter\":{\"query\":\"@eventName:(*Attach*)\"},\"name\":\"Attach Policy\",\"id\":7},{\"filter\":{\"query\":\"@eventName:(*Detach* OR *Remove*)\"},\"name\":\"Detach Policy\",\"id\":8},{\"filter\":{\"query\":\"@eventName:(*Delete*)\"},\"name\":\"Delete\",\"id\":6},{\"filter\":{\"query\":\"@eventName:*\"},\"name\":\"Other\",\"id\":99}],\"targets\":{\"name\":\"ocsf.activity_name\",\"id\":\"ocsf.activity_id\"},\"fallback\":{\"values\":{\"ocsf.activity_id\":\"99\",\"ocsf.activity_name\":\"Other\"},\"sources\":{\"ocsf.activity_name\":[\"eventName\"]}},\"type\":\"schema-category-mapper\"},{\"name\":\"status\",\"categories\":[{\"filter\":{\"query\":\"-@errorCode:*\"},\"name\":\"Success\",\"id\":1},{\"filter\":{\"query\":\"@errorCode:*\"},\"name\":\"Failure\",\"id\":2}],\"targets\":{\"name\":\"ocsf.status\",\"id\":\"ocsf.status_id\"},\"fallback\":{\"values\":{},\"sources\":{}},\"type\":\"schema-category-mapper\"},{\"name\":\"Set default severity\",\"categories\":[{\"filter\":{\"query\":\"@eventName:*\"},\"name\":\"Informational\",\"id\":1}],\"targets\":{\"name\":\"ocsf.severity\",\"id\":\"ocsf.severity_id\"},\"fallback\":{\"values\":{},\"sources\":{}},\"type\":\"schema-category-mapper\"},{\"name\":\"Map userIdentity to ocsf.user.uid\",\"sources\":[\"userIdentity.principalId\",\"responseElements.role.roleId\",\"responseElements.user.userId\"],\"target\":\"ocsf.user.uid\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map userName to ocsf.user.name\",\"sources\":[\"requestParameters.userName\",\"responseElements.role.roleName\",\"requestParameters.roleName\",\"responseElements.user.userName\"],\"target\":\"ocsf.user.name\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map api to ocsf.api\",\"sources\":[\"api\"],\"target\":\"ocsf.api\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map user to ocsf.user\",\"sources\":[\"user\"],\"target\":\"ocsf.user\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map actor to ocsf.actor\",\"sources\":[\"actor\"],\"target\":\"ocsf.actor\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map cloud to ocsf.cloud\",\"sources\":[\"cloud\"],\"target\":\"ocsf.cloud\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map http_request to ocsf.http_request\",\"sources\":[\"http_request\"],\"target\":\"ocsf.http_request\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map metadata to ocsf.metadata\",\"sources\":[\"metadata\"],\"target\":\"ocsf.metadata\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map time to ocsf.time\",\"sources\":[\"time\"],\"target\":\"ocsf.time\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map src_endpoint to ocsf.src_endpoint\",\"sources\":[\"src_endpoint\"],\"target\":\"ocsf.src_endpoint\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map severity to ocsf.severity\",\"sources\":[\"severity\"],\"target\":\"ocsf.severity\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"},{\"name\":\"Map severity_id to ocsf.severity_id\",\"sources\":[\"severity_id\"],\"target\":\"ocsf.severity_id\",\"preserve_source\":false,\"override_on_conflict\":false,\"type\":\"schema-remapper\"}],\"schema\":{\"schema_type\":\"ocsf\",\"version\":\"1.5.0\",\"class_name\":\"Account Change\",\"class_uid\":3001,\"extensions\":[],\"profiles\":[\"cloud\",\"datetime\"]},\"type\":\"schema-processor\"}],\"tags\":[]}\n" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 704, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-10-22T19:12:00.033Z", + "time": 160 + }, + { + "_id": "cb55958d5612352d4a6bbf1fc8e94391", + "_order": 0, + "cache": {}, + "request": { + "bodySize": 0, + "cookies": [], + "headers": [ + { + "_fromType": "array", + "name": "accept", + "value": "*/*" + } + ], + "headersSize": 533, + "httpVersion": "HTTP/1.1", + "method": "DELETE", + "queryString": [], + "url": "https://api.datadoghq.com/api/v1/logs/config/pipelines/1unf0vMNQKSSwzsg6BuWMw" + }, + "response": { + "bodySize": 3, + "content": { + "mimeType": "application/json", + "size": 3, + "text": "{}\n" + }, + "cookies": [], + "headers": [ + { + "name": "content-type", + "value": "application/json" + } + ], + "headersSize": 678, + "httpVersion": "HTTP/1.1", + "redirectURL": "", + "status": 200, + "statusText": "OK" + }, + "startedDateTime": "2025-10-22T19:12:00.200Z", + "time": 218 + } + ], + "pages": [], + "version": "1.2" + } +} diff --git a/examples/v1/logs-pipelines/CreateLogsPipeline_1745625064.ts b/examples/v1/logs-pipelines/CreateLogsPipeline_1745625064.ts new file mode 100644 index 000000000000..a8452df44305 --- /dev/null +++ b/examples/v1/logs-pipelines/CreateLogsPipeline_1745625064.ts @@ -0,0 +1,238 @@ +/** + * Create a pipeline with Schema Processor and preserve_source true returns "OK" response + */ + +import { client, v1 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +const apiInstance = new v1.LogsPipelinesApi(configuration); + +const params: v1.LogsPipelinesApiCreateLogsPipelineRequest = { + body: { + filter: { + query: "source:python", + }, + name: "testSchemaProcessor", + processors: [ + { + type: "schema-processor", + isEnabled: true, + name: "Apply OCSF schema for 3001", + schema: { + schemaType: "ocsf", + version: "1.5.0", + classUid: 3001, + className: "Account Change", + profiles: ["cloud", "datetime"], + }, + mappers: [ + { + type: "schema-category-mapper", + name: "activity_id and activity_name", + categories: [ + { + filter: { + query: "@eventName:(*Create*)", + }, + name: "Create", + id: 1, + }, + { + filter: { + query: "@eventName:(ChangePassword OR PasswordUpdated)", + }, + name: "Password Change", + id: 3, + }, + { + filter: { + query: "@eventName:(*Attach*)", + }, + name: "Attach Policy", + id: 7, + }, + { + filter: { + query: "@eventName:(*Detach* OR *Remove*)", + }, + name: "Detach Policy", + id: 8, + }, + { + filter: { + query: "@eventName:(*Delete*)", + }, + name: "Delete", + id: 6, + }, + { + filter: { + query: "@eventName:*", + }, + name: "Other", + id: 99, + }, + ], + targets: { + name: "ocsf.activity_name", + id: "ocsf.activity_id", + }, + fallback: { + values: { + "ocsf.activity_id": "99", + "ocsf.activity_name": "Other", + }, + sources: { + "ocsf.activity_name": ["eventName"], + }, + }, + }, + { + type: "schema-category-mapper", + name: "status", + categories: [ + { + filter: { + query: "-@errorCode:*", + }, + id: 1, + name: "Success", + }, + { + filter: { + query: "@errorCode:*", + }, + id: 2, + name: "Failure", + }, + ], + targets: { + id: "ocsf.status_id", + name: "ocsf.status", + }, + }, + { + type: "schema-category-mapper", + name: "Set default severity", + categories: [ + { + filter: { + query: "@eventName:*", + }, + name: "Informational", + id: 1, + }, + ], + targets: { + name: "ocsf.severity", + id: "ocsf.severity_id", + }, + }, + { + type: "schema-remapper", + name: "Map userIdentity to ocsf.user.uid", + sources: [ + "userIdentity.principalId", + "responseElements.role.roleId", + "responseElements.user.userId", + ], + target: "ocsf.user.uid", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map userName to ocsf.user.name", + sources: [ + "requestParameters.userName", + "responseElements.role.roleName", + "requestParameters.roleName", + "responseElements.user.userName", + ], + target: "ocsf.user.name", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map api to ocsf.api", + sources: ["api"], + target: "ocsf.api", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map user to ocsf.user", + sources: ["user"], + target: "ocsf.user", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map actor to ocsf.actor", + sources: ["actor"], + target: "ocsf.actor", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map cloud to ocsf.cloud", + sources: ["cloud"], + target: "ocsf.cloud", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map http_request to ocsf.http_request", + sources: ["http_request"], + target: "ocsf.http_request", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map metadata to ocsf.metadata", + sources: ["metadata"], + target: "ocsf.metadata", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map time to ocsf.time", + sources: ["time"], + target: "ocsf.time", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map src_endpoint to ocsf.src_endpoint", + sources: ["src_endpoint"], + target: "ocsf.src_endpoint", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map severity to ocsf.severity", + sources: ["severity"], + target: "ocsf.severity", + preserveSource: true, + }, + { + type: "schema-remapper", + name: "Map severity_id to ocsf.severity_id", + sources: ["severity_id"], + target: "ocsf.severity_id", + preserveSource: true, + }, + ], + }, + ], + tags: [], + }, +}; + +apiInstance + .createLogsPipeline(params) + .then((data: v1.LogsPipeline) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/examples/v1/logs-pipelines/CreateLogsPipeline_2256674867.ts b/examples/v1/logs-pipelines/CreateLogsPipeline_2256674867.ts new file mode 100644 index 000000000000..de6e21dbe27e --- /dev/null +++ b/examples/v1/logs-pipelines/CreateLogsPipeline_2256674867.ts @@ -0,0 +1,238 @@ +/** + * Create a pipeline with Schema Processor and preserve_source false returns "OK" response + */ + +import { client, v1 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +const apiInstance = new v1.LogsPipelinesApi(configuration); + +const params: v1.LogsPipelinesApiCreateLogsPipelineRequest = { + body: { + filter: { + query: "source:python", + }, + name: "testSchemaProcessor", + processors: [ + { + type: "schema-processor", + isEnabled: true, + name: "Apply OCSF schema for 3001", + schema: { + schemaType: "ocsf", + version: "1.5.0", + classUid: 3001, + className: "Account Change", + profiles: ["cloud", "datetime"], + }, + mappers: [ + { + type: "schema-category-mapper", + name: "activity_id and activity_name", + categories: [ + { + filter: { + query: "@eventName:(*Create*)", + }, + name: "Create", + id: 1, + }, + { + filter: { + query: "@eventName:(ChangePassword OR PasswordUpdated)", + }, + name: "Password Change", + id: 3, + }, + { + filter: { + query: "@eventName:(*Attach*)", + }, + name: "Attach Policy", + id: 7, + }, + { + filter: { + query: "@eventName:(*Detach* OR *Remove*)", + }, + name: "Detach Policy", + id: 8, + }, + { + filter: { + query: "@eventName:(*Delete*)", + }, + name: "Delete", + id: 6, + }, + { + filter: { + query: "@eventName:*", + }, + name: "Other", + id: 99, + }, + ], + targets: { + name: "ocsf.activity_name", + id: "ocsf.activity_id", + }, + fallback: { + values: { + "ocsf.activity_id": "99", + "ocsf.activity_name": "Other", + }, + sources: { + "ocsf.activity_name": ["eventName"], + }, + }, + }, + { + type: "schema-category-mapper", + name: "status", + categories: [ + { + filter: { + query: "-@errorCode:*", + }, + id: 1, + name: "Success", + }, + { + filter: { + query: "@errorCode:*", + }, + id: 2, + name: "Failure", + }, + ], + targets: { + id: "ocsf.status_id", + name: "ocsf.status", + }, + }, + { + type: "schema-category-mapper", + name: "Set default severity", + categories: [ + { + filter: { + query: "@eventName:*", + }, + name: "Informational", + id: 1, + }, + ], + targets: { + name: "ocsf.severity", + id: "ocsf.severity_id", + }, + }, + { + type: "schema-remapper", + name: "Map userIdentity to ocsf.user.uid", + sources: [ + "userIdentity.principalId", + "responseElements.role.roleId", + "responseElements.user.userId", + ], + target: "ocsf.user.uid", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map userName to ocsf.user.name", + sources: [ + "requestParameters.userName", + "responseElements.role.roleName", + "requestParameters.roleName", + "responseElements.user.userName", + ], + target: "ocsf.user.name", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map api to ocsf.api", + sources: ["api"], + target: "ocsf.api", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map user to ocsf.user", + sources: ["user"], + target: "ocsf.user", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map actor to ocsf.actor", + sources: ["actor"], + target: "ocsf.actor", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map cloud to ocsf.cloud", + sources: ["cloud"], + target: "ocsf.cloud", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map http_request to ocsf.http_request", + sources: ["http_request"], + target: "ocsf.http_request", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map metadata to ocsf.metadata", + sources: ["metadata"], + target: "ocsf.metadata", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map time to ocsf.time", + sources: ["time"], + target: "ocsf.time", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map src_endpoint to ocsf.src_endpoint", + sources: ["src_endpoint"], + target: "ocsf.src_endpoint", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map severity to ocsf.severity", + sources: ["severity"], + target: "ocsf.severity", + preserveSource: false, + }, + { + type: "schema-remapper", + name: "Map severity_id to ocsf.severity_id", + sources: ["severity_id"], + target: "ocsf.severity_id", + preserveSource: false, + }, + ], + }, + ], + tags: [], + }, +}; + +apiInstance + .createLogsPipeline(params) + .then((data: v1.LogsPipeline) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/examples/v1/logs-pipelines/CreateLogsPipeline_501419705.ts b/examples/v1/logs-pipelines/CreateLogsPipeline_501419705.ts new file mode 100644 index 000000000000..effaf7342a6b --- /dev/null +++ b/examples/v1/logs-pipelines/CreateLogsPipeline_501419705.ts @@ -0,0 +1,226 @@ +/** + * Create a pipeline with schema processor + */ + +import { client, v1 } from "@datadog/datadog-api-client"; + +const configuration = client.createConfiguration(); +const apiInstance = new v1.LogsPipelinesApi(configuration); + +const params: v1.LogsPipelinesApiCreateLogsPipelineRequest = { + body: { + filter: { + query: "source:python", + }, + name: "testSchemaProcessor", + processors: [ + { + type: "schema-processor", + isEnabled: true, + name: "Apply OCSF schema for 3001", + schema: { + schemaType: "ocsf", + version: "1.5.0", + classUid: 3001, + className: "Account Change", + profiles: ["cloud", "datetime"], + }, + mappers: [ + { + type: "schema-category-mapper", + name: "activity_id and activity_name", + categories: [ + { + filter: { + query: "@eventName:(*Create*)", + }, + name: "Create", + id: 1, + }, + { + filter: { + query: "@eventName:(ChangePassword OR PasswordUpdated)", + }, + name: "Password Change", + id: 3, + }, + { + filter: { + query: "@eventName:(*Attach*)", + }, + name: "Attach Policy", + id: 7, + }, + { + filter: { + query: "@eventName:(*Detach* OR *Remove*)", + }, + name: "Detach Policy", + id: 8, + }, + { + filter: { + query: "@eventName:(*Delete*)", + }, + name: "Delete", + id: 6, + }, + { + filter: { + query: "@eventName:*", + }, + name: "Other", + id: 99, + }, + ], + targets: { + name: "ocsf.activity_name", + id: "ocsf.activity_id", + }, + fallback: { + values: { + "ocsf.activity_id": "99", + "ocsf.activity_name": "Other", + }, + sources: { + "ocsf.activity_name": ["eventName"], + }, + }, + }, + { + type: "schema-category-mapper", + name: "status", + categories: [ + { + filter: { + query: "-@errorCode:*", + }, + id: 1, + name: "Success", + }, + { + filter: { + query: "@errorCode:*", + }, + id: 2, + name: "Failure", + }, + ], + targets: { + id: "ocsf.status_id", + name: "ocsf.status", + }, + }, + { + type: "schema-category-mapper", + name: "Set default severity", + categories: [ + { + filter: { + query: "@eventName:*", + }, + name: "Informational", + id: 1, + }, + ], + targets: { + name: "ocsf.severity", + id: "ocsf.severity_id", + }, + }, + { + type: "schema-remapper", + name: "Map userIdentity to ocsf.user.uid", + sources: [ + "userIdentity.principalId", + "responseElements.role.roleId", + "responseElements.user.userId", + ], + target: "ocsf.user.uid", + }, + { + type: "schema-remapper", + name: "Map userName to ocsf.user.name", + sources: [ + "requestParameters.userName", + "responseElements.role.roleName", + "requestParameters.roleName", + "responseElements.user.userName", + ], + target: "ocsf.user.name", + }, + { + type: "schema-remapper", + name: "Map api to ocsf.api", + sources: ["api"], + target: "ocsf.api", + }, + { + type: "schema-remapper", + name: "Map user to ocsf.user", + sources: ["user"], + target: "ocsf.user", + }, + { + type: "schema-remapper", + name: "Map actor to ocsf.actor", + sources: ["actor"], + target: "ocsf.actor", + }, + { + type: "schema-remapper", + name: "Map cloud to ocsf.cloud", + sources: ["cloud"], + target: "ocsf.cloud", + }, + { + type: "schema-remapper", + name: "Map http_request to ocsf.http_request", + sources: ["http_request"], + target: "ocsf.http_request", + }, + { + type: "schema-remapper", + name: "Map metadata to ocsf.metadata", + sources: ["metadata"], + target: "ocsf.metadata", + }, + { + type: "schema-remapper", + name: "Map time to ocsf.time", + sources: ["time"], + target: "ocsf.time", + }, + { + type: "schema-remapper", + name: "Map src_endpoint to ocsf.src_endpoint", + sources: ["src_endpoint"], + target: "ocsf.src_endpoint", + }, + { + type: "schema-remapper", + name: "Map severity to ocsf.severity", + sources: ["severity"], + target: "ocsf.severity", + }, + { + type: "schema-remapper", + name: "Map severity_id to ocsf.severity_id", + sources: ["severity_id"], + target: "ocsf.severity_id", + }, + ], + }, + ], + tags: [], + }, +}; + +apiInstance + .createLogsPipeline(params) + .then((data: v1.LogsPipeline) => { + console.log( + "API called successfully. Returned data: " + JSON.stringify(data) + ); + }) + .catch((error: any) => console.error(error)); diff --git a/features/v1/logs_pipelines.feature b/features/v1/logs_pipelines.feature index cdb150dd6edf..5f7dde5db679 100644 --- a/features/v1/logs_pipelines.feature +++ b/features/v1/logs_pipelines.feature @@ -77,6 +77,20 @@ Feature: Logs Pipelines When the request is sent Then the response status is 200 OK + @team:DataDog/event-platform-experience + Scenario: Create a pipeline with Schema Processor and preserve_source false returns "OK" response + Given new "CreateLogsPipeline" request + And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid", "preserve_source": false}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name", "preserve_source": false}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api", "preserve_source": false}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user", "preserve_source": false}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor", "preserve_source": false}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud", "preserve_source": false}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request", "preserve_source": false}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata", "preserve_source": false}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time", "preserve_source": false}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint", "preserve_source": false}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity", "preserve_source": false}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id", "preserve_source": false}]}], "tags": []} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/event-platform-experience + Scenario: Create a pipeline with Schema Processor and preserve_source true returns "OK" response + Given new "CreateLogsPipeline" request + And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid", "preserve_source": true}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name", "preserve_source": true}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api", "preserve_source": true}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user", "preserve_source": true}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor", "preserve_source": true}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud", "preserve_source": true}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request", "preserve_source": true}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata", "preserve_source": true}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time", "preserve_source": true}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint", "preserve_source": true}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity", "preserve_source": true}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id", "preserve_source": true}]}], "tags": []} + When the request is sent + Then the response status is 200 OK + @team:DataDog/event-platform-experience Scenario: Create a pipeline with Span Id Remapper returns "OK" response Given new "CreateLogsPipeline" request @@ -84,6 +98,13 @@ Feature: Logs Pipelines When the request is sent Then the response status is 200 OK + @team:DataDog/event-platform-experience + Scenario: Create a pipeline with schema processor + Given new "CreateLogsPipeline" request + And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid"}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name"}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api"}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user"}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor"}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud"}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request"}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata"}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time"}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint"}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity"}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id"}]}], "tags": []} + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/event-platform-experience Scenario: Delete a pipeline returns "Bad Request" response Given new "DeleteLogsPipeline" request diff --git a/packages/datadog-api-client-v1/index.ts b/packages/datadog-api-client-v1/index.ts index b901085491e9..2b27b1c2f27a 100644 --- a/packages/datadog-api-client-v1/index.ts +++ b/packages/datadog-api-client-v1/index.ts @@ -604,6 +604,17 @@ export { LogsProcessor } from "./models/LogsProcessor"; export { LogsQueryCompute } from "./models/LogsQueryCompute"; export { LogsRetentionAggSumUsage } from "./models/LogsRetentionAggSumUsage"; export { LogsRetentionSumUsage } from "./models/LogsRetentionSumUsage"; +export { LogsSchemaCategoryMapper } from "./models/LogsSchemaCategoryMapper"; +export { LogsSchemaCategoryMapperCategory } from "./models/LogsSchemaCategoryMapperCategory"; +export { LogsSchemaCategoryMapperFallback } from "./models/LogsSchemaCategoryMapperFallback"; +export { LogsSchemaCategoryMapperTargets } from "./models/LogsSchemaCategoryMapperTargets"; +export { LogsSchemaCategoryMapperType } from "./models/LogsSchemaCategoryMapperType"; +export { LogsSchemaData } from "./models/LogsSchemaData"; +export { LogsSchemaMapper } from "./models/LogsSchemaMapper"; +export { LogsSchemaProcessor } from "./models/LogsSchemaProcessor"; +export { LogsSchemaProcessorType } from "./models/LogsSchemaProcessorType"; +export { LogsSchemaRemapper } from "./models/LogsSchemaRemapper"; +export { LogsSchemaRemapperType } from "./models/LogsSchemaRemapperType"; export { LogsServiceRemapper } from "./models/LogsServiceRemapper"; export { LogsServiceRemapperType } from "./models/LogsServiceRemapperType"; export { LogsSort } from "./models/LogsSort"; diff --git a/packages/datadog-api-client-v1/models/LogsProcessor.ts b/packages/datadog-api-client-v1/models/LogsProcessor.ts index 2f3bd96397e9..ca8e4715f4db 100644 --- a/packages/datadog-api-client-v1/models/LogsProcessor.ts +++ b/packages/datadog-api-client-v1/models/LogsProcessor.ts @@ -14,6 +14,7 @@ import { LogsGrokParser } from "./LogsGrokParser"; import { LogsLookupProcessor } from "./LogsLookupProcessor"; import { LogsMessageRemapper } from "./LogsMessageRemapper"; import { LogsPipelineProcessor } from "./LogsPipelineProcessor"; +import { LogsSchemaProcessor } from "./LogsSchemaProcessor"; import { LogsServiceRemapper } from "./LogsServiceRemapper"; import { LogsSpanRemapper } from "./LogsSpanRemapper"; import { LogsStatusRemapper } from "./LogsStatusRemapper"; @@ -49,4 +50,5 @@ export type LogsProcessor = | LogsSpanRemapper | LogsArrayProcessor | LogsDecoderProcessor + | LogsSchemaProcessor | UnparsedObject; diff --git a/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapper.ts b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapper.ts new file mode 100644 index 000000000000..dde2cbdf6428 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapper.ts @@ -0,0 +1,105 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { LogsSchemaCategoryMapperCategory } from "./LogsSchemaCategoryMapperCategory"; +import { LogsSchemaCategoryMapperFallback } from "./LogsSchemaCategoryMapperFallback"; +import { LogsSchemaCategoryMapperTargets } from "./LogsSchemaCategoryMapperTargets"; +import { LogsSchemaCategoryMapperType } from "./LogsSchemaCategoryMapperType"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Use the Schema Category Mapper to categorize log event into enum fields. + * In the case of OCSF, they can be used to map sibling fields which are composed of an ID and a name. + * + * **Notes**: + * + * - The syntax of the query is the one of Logs Explorer search bar. + * The query can be done on any log attribute or tag, whether it is a facet or not. + * Wildcards can also be used inside your query. + * - Categories are executed in order and processing stops at the first match. + * Make sure categories are properly ordered in case a log could match multiple queries. + * - Sibling fields always have a numerical ID field and a human-readable string name. + * - A fallback section handles cases where the name or ID value matches a specific value. + * If the name matches "Other" or the ID matches 99, the value of the sibling name field will be pulled from a source field from the original log. + */ +export class LogsSchemaCategoryMapper { + /** + * Array of filters to match or not a log and their + * corresponding `name` to assign a custom value to the log. + */ + "categories": Array; + /** + * Used to override hardcoded category values with a value pulled from a source attribute on the log. + */ + "fallback"?: LogsSchemaCategoryMapperFallback; + /** + * Name of the logs schema category mapper. + */ + "name": string; + /** + * Name of the target attributes which value is defined by the matching category. + */ + "targets": LogsSchemaCategoryMapperTargets; + /** + * Type of logs schema category mapper. + */ + "type": LogsSchemaCategoryMapperType; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + categories: { + baseName: "categories", + type: "Array", + required: true, + }, + fallback: { + baseName: "fallback", + type: "LogsSchemaCategoryMapperFallback", + }, + name: { + baseName: "name", + type: "string", + required: true, + }, + targets: { + baseName: "targets", + type: "LogsSchemaCategoryMapperTargets", + required: true, + }, + type: { + baseName: "type", + type: "LogsSchemaCategoryMapperType", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaCategoryMapper.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperCategory.ts b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperCategory.ts new file mode 100644 index 000000000000..b27da9a20d82 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperCategory.ts @@ -0,0 +1,73 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { LogsFilter } from "./LogsFilter"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Object describing the logs filter with corresponding category ID and name assignment. + */ +export class LogsSchemaCategoryMapperCategory { + /** + * Filter for logs. + */ + "filter": LogsFilter; + /** + * ID to inject into the category. + */ + "id": number; + /** + * Value to assign to target schema field. + */ + "name": string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + filter: { + baseName: "filter", + type: "LogsFilter", + required: true, + }, + id: { + baseName: "id", + type: "number", + required: true, + format: "int64", + }, + name: { + baseName: "name", + type: "string", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaCategoryMapperCategory.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperFallback.ts b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperFallback.ts new file mode 100644 index 000000000000..28105cbfdd24 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperFallback.ts @@ -0,0 +1,60 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Used to override hardcoded category values with a value pulled from a source attribute on the log. + */ +export class LogsSchemaCategoryMapperFallback { + /** + * Fallback sources used to populate value of field. + */ + "sources"?: { [key: string]: Array }; + /** + * Values that define when the fallback is used. + */ + "values"?: { [key: string]: string }; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + sources: { + baseName: "sources", + type: "{ [key: string]: Array; }", + }, + values: { + baseName: "values", + type: "{ [key: string]: string; }", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaCategoryMapperFallback.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperTargets.ts b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperTargets.ts new file mode 100644 index 000000000000..5bd5d70e2b7c --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperTargets.ts @@ -0,0 +1,60 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Name of the target attributes which value is defined by the matching category. + */ +export class LogsSchemaCategoryMapperTargets { + /** + * ID of the field to map log attributes to. + */ + "id"?: string; + /** + * Name of the field to map log attributes to. + */ + "name"?: string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + id: { + baseName: "id", + type: "string", + }, + name: { + baseName: "name", + type: "string", + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaCategoryMapperTargets.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperType.ts b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperType.ts new file mode 100644 index 000000000000..ae93587eb030 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaCategoryMapperType.ts @@ -0,0 +1,16 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * Type of logs schema category mapper. + */ + +export type LogsSchemaCategoryMapperType = + | typeof SCHEMA_CATEGORY_MAPPER + | UnparsedObject; +export const SCHEMA_CATEGORY_MAPPER = "schema-category-mapper"; diff --git a/packages/datadog-api-client-v1/models/LogsSchemaData.ts b/packages/datadog-api-client-v1/models/LogsSchemaData.ts new file mode 100644 index 000000000000..17a0d397cfd8 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaData.ts @@ -0,0 +1,89 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * Configuration of the schema data to use. + */ +export class LogsSchemaData { + /** + * Class name of the schema to use. + */ + "className": string; + /** + * Class UID of the schema to use. + */ + "classUid": number; + /** + * Optional list of profiles to modify the schema. + */ + "profiles"?: Array; + /** + * Type of schema to use. + */ + "schemaType": string; + /** + * Version of the schema to use. + */ + "version": string; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + className: { + baseName: "class_name", + type: "string", + required: true, + }, + classUid: { + baseName: "class_uid", + type: "number", + required: true, + format: "int64", + }, + profiles: { + baseName: "profiles", + type: "Array", + }, + schemaType: { + baseName: "schema_type", + type: "string", + required: true, + }, + version: { + baseName: "version", + type: "string", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaData.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaMapper.ts b/packages/datadog-api-client-v1/models/LogsSchemaMapper.ts new file mode 100644 index 000000000000..0c3b3bc1b268 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaMapper.ts @@ -0,0 +1,18 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { LogsSchemaCategoryMapper } from "./LogsSchemaCategoryMapper"; +import { LogsSchemaRemapper } from "./LogsSchemaRemapper"; + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * Configuration of the schema processor mapper to use. + */ + +export type LogsSchemaMapper = + | LogsSchemaRemapper + | LogsSchemaCategoryMapper + | UnparsedObject; diff --git a/packages/datadog-api-client-v1/models/LogsSchemaProcessor.ts b/packages/datadog-api-client-v1/models/LogsSchemaProcessor.ts new file mode 100644 index 000000000000..80072e69cad8 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaProcessor.ts @@ -0,0 +1,91 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { LogsSchemaData } from "./LogsSchemaData"; +import { LogsSchemaMapper } from "./LogsSchemaMapper"; +import { LogsSchemaProcessorType } from "./LogsSchemaProcessorType"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * A processor that has additional validations and checks for a given schema. Currently supported schema types include OCSF. + */ +export class LogsSchemaProcessor { + /** + * Whether or not the processor is enabled. + */ + "isEnabled"?: boolean; + /** + * The `LogsSchemaProcessor` `mappers`. + */ + "mappers": Array; + /** + * Name of the processor. + */ + "name": string; + /** + * Configuration of the schema data to use. + */ + "schema": LogsSchemaData; + /** + * Type of logs schema processor. + */ + "type": LogsSchemaProcessorType; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + isEnabled: { + baseName: "is_enabled", + type: "boolean", + }, + mappers: { + baseName: "mappers", + type: "Array", + required: true, + }, + name: { + baseName: "name", + type: "string", + required: true, + }, + schema: { + baseName: "schema", + type: "LogsSchemaData", + required: true, + }, + type: { + baseName: "type", + type: "LogsSchemaProcessorType", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaProcessor.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaProcessorType.ts b/packages/datadog-api-client-v1/models/LogsSchemaProcessorType.ts new file mode 100644 index 000000000000..69b9225be759 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaProcessorType.ts @@ -0,0 +1,14 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * Type of logs schema processor. + */ + +export type LogsSchemaProcessorType = typeof SCHEMA_PROCESSOR | UnparsedObject; +export const SCHEMA_PROCESSOR = "schema-processor"; diff --git a/packages/datadog-api-client-v1/models/LogsSchemaRemapper.ts b/packages/datadog-api-client-v1/models/LogsSchemaRemapper.ts new file mode 100644 index 000000000000..689bfe999b91 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaRemapper.ts @@ -0,0 +1,108 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ +import { LogsSchemaRemapperType } from "./LogsSchemaRemapperType"; +import { TargetFormatType } from "./TargetFormatType"; + +import { AttributeTypeMap } from "../../datadog-api-client-common/util"; + +/** + * The schema remapper maps source log fields to their correct fields. + */ +export class LogsSchemaRemapper { + /** + * Name of the logs schema remapper. + */ + "name": string; + /** + * Override or not the target element if already set. + */ + "overrideOnConflict"?: boolean; + /** + * Remove or preserve the remapped source element. + */ + "preserveSource"?: boolean; + /** + * Array of source attributes. + */ + "sources": Array; + /** + * Target field to map log source field to. + */ + "target": string; + /** + * If the `target_type` of the remapper is `attribute`, try to cast the value to a new specific type. + * If the cast is not possible, the original type is kept. `string`, `integer`, or `double` are the possible types. + * If the `target_type` is `tag`, this parameter may not be specified. + */ + "targetFormat"?: TargetFormatType; + /** + * Type of logs schema remapper. + */ + "type": LogsSchemaRemapperType; + + /** + * A container for additional, undeclared properties. + * This is a holder for any undeclared properties as specified with + * the 'additionalProperties' keyword in the OAS document. + */ + "additionalProperties"?: { [key: string]: any }; + + /** + * @ignore + */ + "_unparsed"?: boolean; + + /** + * @ignore + */ + static readonly attributeTypeMap: AttributeTypeMap = { + name: { + baseName: "name", + type: "string", + required: true, + }, + overrideOnConflict: { + baseName: "override_on_conflict", + type: "boolean", + }, + preserveSource: { + baseName: "preserve_source", + type: "boolean", + }, + sources: { + baseName: "sources", + type: "Array", + required: true, + }, + target: { + baseName: "target", + type: "string", + required: true, + }, + targetFormat: { + baseName: "target_format", + type: "TargetFormatType", + }, + type: { + baseName: "type", + type: "LogsSchemaRemapperType", + required: true, + }, + additionalProperties: { + baseName: "additionalProperties", + type: "{ [key: string]: any; }", + }, + }; + + /** + * @ignore + */ + static getAttributeTypeMap(): AttributeTypeMap { + return LogsSchemaRemapper.attributeTypeMap; + } + + public constructor() {} +} diff --git a/packages/datadog-api-client-v1/models/LogsSchemaRemapperType.ts b/packages/datadog-api-client-v1/models/LogsSchemaRemapperType.ts new file mode 100644 index 000000000000..b11f22fdd306 --- /dev/null +++ b/packages/datadog-api-client-v1/models/LogsSchemaRemapperType.ts @@ -0,0 +1,14 @@ +/** + * Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + * This product includes software developed at Datadog (https://www.datadoghq.com/). + * Copyright 2020-Present Datadog, Inc. + */ + +import { UnparsedObject } from "../../datadog-api-client-common/util"; + +/** + * Type of logs schema remapper. + */ + +export type LogsSchemaRemapperType = typeof SCHEMA_REMAPPER | UnparsedObject; +export const SCHEMA_REMAPPER = "schema-remapper"; diff --git a/packages/datadog-api-client-v1/models/ObjectSerializer.ts b/packages/datadog-api-client-v1/models/ObjectSerializer.ts index 360949eeab2a..07143986d49d 100644 --- a/packages/datadog-api-client-v1/models/ObjectSerializer.ts +++ b/packages/datadog-api-client-v1/models/ObjectSerializer.ts @@ -190,6 +190,13 @@ import { LogsPipelinesOrder } from "./LogsPipelinesOrder"; import { LogsQueryCompute } from "./LogsQueryCompute"; import { LogsRetentionAggSumUsage } from "./LogsRetentionAggSumUsage"; import { LogsRetentionSumUsage } from "./LogsRetentionSumUsage"; +import { LogsSchemaCategoryMapper } from "./LogsSchemaCategoryMapper"; +import { LogsSchemaCategoryMapperCategory } from "./LogsSchemaCategoryMapperCategory"; +import { LogsSchemaCategoryMapperFallback } from "./LogsSchemaCategoryMapperFallback"; +import { LogsSchemaCategoryMapperTargets } from "./LogsSchemaCategoryMapperTargets"; +import { LogsSchemaData } from "./LogsSchemaData"; +import { LogsSchemaProcessor } from "./LogsSchemaProcessor"; +import { LogsSchemaRemapper } from "./LogsSchemaRemapper"; import { LogsServiceRemapper } from "./LogsServiceRemapper"; import { LogsSpanRemapper } from "./LogsSpanRemapper"; import { LogsStatusRemapper } from "./LogsStatusRemapper"; @@ -951,6 +958,9 @@ const enumsMap: { [key: string]: any[] } = { LogsLookupProcessorType: ["lookup-processor"], LogsMessageRemapperType: ["message-remapper"], LogsPipelineProcessorType: ["pipeline"], + LogsSchemaCategoryMapperType: ["schema-category-mapper"], + LogsSchemaProcessorType: ["schema-processor"], + LogsSchemaRemapperType: ["schema-remapper"], LogsServiceRemapperType: ["service-remapper"], LogsSort: ["asc", "desc"], LogsSpanRemapperType: ["span-id-remapper"], @@ -1914,6 +1924,13 @@ const typeMap: { [index: string]: any } = { LogsQueryCompute: LogsQueryCompute, LogsRetentionAggSumUsage: LogsRetentionAggSumUsage, LogsRetentionSumUsage: LogsRetentionSumUsage, + LogsSchemaCategoryMapper: LogsSchemaCategoryMapper, + LogsSchemaCategoryMapperCategory: LogsSchemaCategoryMapperCategory, + LogsSchemaCategoryMapperFallback: LogsSchemaCategoryMapperFallback, + LogsSchemaCategoryMapperTargets: LogsSchemaCategoryMapperTargets, + LogsSchemaData: LogsSchemaData, + LogsSchemaProcessor: LogsSchemaProcessor, + LogsSchemaRemapper: LogsSchemaRemapper, LogsServiceRemapper: LogsServiceRemapper, LogsSpanRemapper: LogsSpanRemapper, LogsStatusRemapper: LogsStatusRemapper, @@ -2448,7 +2465,9 @@ const oneOfMap: { [index: string]: string[] } = { "LogsSpanRemapper", "LogsArrayProcessor", "LogsDecoderProcessor", + "LogsSchemaProcessor", ], + LogsSchemaMapper: ["LogsSchemaRemapper", "LogsSchemaCategoryMapper"], MonitorFormulaAndFunctionQueryDefinition: [ "MonitorFormulaAndFunctionEventQueryDefinition", "MonitorFormulaAndFunctionCostQueryDefinition",