diff --git a/.generator/schemas/v1/openapi.yaml b/.generator/schemas/v1/openapi.yaml index c84d61cfe740..416eca61272e 100644 --- a/.generator/schemas/v1/openapi.yaml +++ b/.generator/schemas/v1/openapi.yaml @@ -6331,6 +6331,7 @@ components: - $ref: '#/components/schemas/LogsSpanRemapper' - $ref: '#/components/schemas/LogsArrayProcessor' - $ref: '#/components/schemas/LogsDecoderProcessor' + - $ref: '#/components/schemas/LogsSchemaProcessor' LogsQueryCompute: description: Define computation for a log query. properties: @@ -6392,6 +6393,243 @@ components: periods. type: string type: object + LogsSchemaCategoryMapper: + description: "Use the Schema Category Mapper to categorize log event into enum + fields.\nIn the case of OCSF, they can be used to map sibling fields which + are composed of an ID and a name.\n\n**Notes**:\n\n- The syntax of the query + is the one of Logs Explorer search bar.\n The query can be done on any log + attribute or tag, whether it is a facet or not.\n Wildcards can also be used + inside your query.\n- Categories are executed in order and processing stops + at the first match.\n Make sure categories are properly ordered in case a + log could match multiple queries.\n- Sibling fields always have a numerical + ID field and a human-readable string name.\n- A fallback section handles cases + where the name or ID value matches a specific value.\n If the name matches + \"Other\" or the ID matches 99, the value of the sibling name field will be + pulled from a source field from the original log." + properties: + categories: + description: 'Array of filters to match or not a log and their + + corresponding `name` to assign a custom value to the log.' + example: + - filter: + query: '@eventName:(ConsoleLogin OR ExternalIdPDirectoryLogin OR UserAuthentication + OR Authenticate)' + id: 1 + name: Logon + - filter: + query: '@eventName:*' + id: 99 + name: Other + items: + $ref: '#/components/schemas/LogsSchemaCategoryMapperCategory' + type: array + fallback: + $ref: '#/components/schemas/LogsSchemaCategoryMapperFallback' + name: + description: Name of the logs schema category mapper. + example: activity_id and activity_name + type: string + targets: + $ref: '#/components/schemas/LogsSchemaCategoryMapperTargets' + type: + $ref: '#/components/schemas/LogsSchemaCategoryMapperType' + required: + - categories + - targets + - type + - name + type: object + LogsSchemaCategoryMapperCategory: + description: Object describing the logs filter with corresponding category ID + and name assignment. + properties: + filter: + $ref: '#/components/schemas/LogsFilter' + id: + description: ID to inject into the category. + example: 1 + format: int64 + type: integer + name: + description: Value to assign to target schema field. + example: Password Change + type: string + required: + - filter + - id + - name + type: object + LogsSchemaCategoryMapperFallback: + description: Used to override hardcoded category values with a value pulled + from a source attribute on the log. + properties: + sources: + additionalProperties: + items: + type: string + type: array + description: Fallback sources used to populate value of field. + example: {} + type: object + values: + additionalProperties: + type: string + description: Values that define when the fallback is used. + example: {} + type: object + type: object + LogsSchemaCategoryMapperTargets: + description: Name of the target attributes which value is defined by the matching + category. + properties: + id: + description: ID of the field to map log attributes to. + example: ocsf.activity_id + type: string + name: + description: Name of the field to map log attributes to. + example: ocsf.activity_name + type: string + type: object + LogsSchemaCategoryMapperType: + description: Type of logs schema category mapper. + enum: + - schema-category-mapper + example: schema-category-mapper + type: string + x-enum-varnames: + - SCHEMA_CATEGORY_MAPPER + LogsSchemaData: + description: Configuration of the schema data to use. + properties: + class_name: + description: Class name of the schema to use. + example: Account Change + type: string + class_uid: + description: Class UID of the schema to use. + example: 3001 + format: int64 + type: integer + profiles: + description: Optional list of profiles to modify the schema. + example: + - security_control + - host + items: + type: string + type: array + schema_type: + description: Type of schema to use. + example: ocsf + type: string + version: + description: Version of the schema to use. + example: 1.5.0 + type: string + required: + - schema_type + - version + - class_uid + - class_name + type: object + LogsSchemaMapper: + description: Configuration of the schema processor mapper to use. + oneOf: + - $ref: '#/components/schemas/LogsSchemaRemapper' + - $ref: '#/components/schemas/LogsSchemaCategoryMapper' + LogsSchemaProcessor: + description: A processor that has additional validations and checks for a given + schema. Currently supported schema types include OCSF. + properties: + is_enabled: + default: false + description: Whether or not the processor is enabled. + type: boolean + mappers: + description: The `LogsSchemaProcessor` `mappers`. + example: + - name: Map userIdentity to ocsf.user.uid + sources: + - userIdentity.principalId + target: ocsf.user.uid + type: schema-remapper + items: + $ref: '#/components/schemas/LogsSchemaMapper' + type: array + name: + description: Name of the processor. + example: Map additionalEventData.LoginTo to ocsf.dst_endpoint.svc_name + type: string + schema: + $ref: '#/components/schemas/LogsSchemaData' + type: + $ref: '#/components/schemas/LogsSchemaProcessorType' + required: + - name + - mappers + - type + - schema + type: object + LogsSchemaProcessorType: + default: schema-processor + description: Type of logs schema processor. + enum: + - schema-processor + example: schema-processor + type: string + x-enum-varnames: + - SCHEMA_PROCESSOR + LogsSchemaRemapper: + description: The schema remapper maps source log fields to their correct fields. + properties: + name: + description: Name of the logs schema remapper. + example: Map userIdentity.principalId, responseElements.role.roleId, responseElements.user.userId + to ocsf.user.uid + type: string + override_on_conflict: + default: false + description: Override or not the target element if already set. + type: boolean + preserve_source: + default: false + description: Remove or preserve the remapped source element. + type: boolean + sources: + description: Array of source attributes. + example: + - userIdentity.principalId + - responseElements.role.roleId + - responseElements.user.userId + items: + description: Attribute used as a source to remap its value to the target + attribute. + type: string + type: array + target: + description: Target field to map log source field to. + example: ocsf.user.uid + type: string + target_format: + $ref: '#/components/schemas/TargetFormatType' + type: + $ref: '#/components/schemas/LogsSchemaRemapperType' + required: + - name + - sources + - target + - type + type: object + LogsSchemaRemapperType: + description: Type of logs schema remapper. + enum: + - schema-remapper + example: schema-remapper + type: string + x-enum-varnames: + - SCHEMA_REMAPPER LogsServiceRemapper: description: 'Use this processor if you want to assign one or more attributes as the official service. diff --git a/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-false-returns-OK-response.frozen b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-false-returns-OK-response.frozen new file mode 100644 index 000000000000..bbc78f11a098 --- /dev/null +++ b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-false-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-10-22T19:11:58.774Z \ No newline at end of file diff --git a/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-false-returns-OK-response.yml b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-false-returns-OK-response.yml new file mode 100644 index 000000000000..7e8426dd484b --- /dev/null +++ b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-false-returns-OK-response.yml @@ -0,0 +1,83 @@ +http_interactions: +- recorded_at: Wed, 22 Oct 2025 19:11:58 GMT + request: + body: + encoding: UTF-8 + string: '{"filter":{"query":"source:python"},"name":"testSchemaProcessor","processors":[{"is_enabled":true,"mappers":[{"categories":[{"filter":{"query":"@eventName:(*Create*)"},"id":1,"name":"Create"},{"filter":{"query":"@eventName:(ChangePassword + OR PasswordUpdated)"},"id":3,"name":"Password Change"},{"filter":{"query":"@eventName:(*Attach*)"},"id":7,"name":"Attach + Policy"},{"filter":{"query":"@eventName:(*Detach* OR *Remove*)"},"id":8,"name":"Detach + Policy"},{"filter":{"query":"@eventName:(*Delete*)"},"id":6,"name":"Delete"},{"filter":{"query":"@eventName:*"},"id":99,"name":"Other"}],"fallback":{"sources":{"ocsf.activity_name":["eventName"]},"values":{"ocsf.activity_id":"99","ocsf.activity_name":"Other"}},"name":"activity_id + and activity_name","targets":{"id":"ocsf.activity_id","name":"ocsf.activity_name"},"type":"schema-category-mapper"},{"categories":[{"filter":{"query":"-@errorCode:*"},"id":1,"name":"Success"},{"filter":{"query":"@errorCode:*"},"id":2,"name":"Failure"}],"name":"status","targets":{"id":"ocsf.status_id","name":"ocsf.status"},"type":"schema-category-mapper"},{"categories":[{"filter":{"query":"@eventName:*"},"id":1,"name":"Informational"}],"name":"Set + default severity","targets":{"id":"ocsf.severity_id","name":"ocsf.severity"},"type":"schema-category-mapper"},{"name":"Map + userIdentity to ocsf.user.uid","preserve_source":false,"sources":["userIdentity.principalId","responseElements.role.roleId","responseElements.user.userId"],"target":"ocsf.user.uid","type":"schema-remapper"},{"name":"Map + userName to ocsf.user.name","preserve_source":false,"sources":["requestParameters.userName","responseElements.role.roleName","requestParameters.roleName","responseElements.user.userName"],"target":"ocsf.user.name","type":"schema-remapper"},{"name":"Map + api to ocsf.api","preserve_source":false,"sources":["api"],"target":"ocsf.api","type":"schema-remapper"},{"name":"Map + user to ocsf.user","preserve_source":false,"sources":["user"],"target":"ocsf.user","type":"schema-remapper"},{"name":"Map + actor to ocsf.actor","preserve_source":false,"sources":["actor"],"target":"ocsf.actor","type":"schema-remapper"},{"name":"Map + cloud to ocsf.cloud","preserve_source":false,"sources":["cloud"],"target":"ocsf.cloud","type":"schema-remapper"},{"name":"Map + http_request to ocsf.http_request","preserve_source":false,"sources":["http_request"],"target":"ocsf.http_request","type":"schema-remapper"},{"name":"Map + metadata to ocsf.metadata","preserve_source":false,"sources":["metadata"],"target":"ocsf.metadata","type":"schema-remapper"},{"name":"Map + time to ocsf.time","preserve_source":false,"sources":["time"],"target":"ocsf.time","type":"schema-remapper"},{"name":"Map + src_endpoint to ocsf.src_endpoint","preserve_source":false,"sources":["src_endpoint"],"target":"ocsf.src_endpoint","type":"schema-remapper"},{"name":"Map + severity to ocsf.severity","preserve_source":false,"sources":["severity"],"target":"ocsf.severity","type":"schema-remapper"},{"name":"Map + severity_id to ocsf.severity_id","preserve_source":false,"sources":["severity_id"],"target":"ocsf.severity_id","type":"schema-remapper"}],"name":"Apply + OCSF schema for 3001","schema":{"class_name":"Account Change","class_uid":3001,"profiles":["cloud","datetime"],"schema_type":"ocsf","version":"1.5.0"},"type":"schema-processor"}],"tags":[]}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v1/logs/config/pipelines + response: + body: + encoding: UTF-8 + string: '{"id":"-qkKiJPYTne-113i8XJ_Nw","type":"pipeline","name":"testSchemaProcessor","is_enabled":false,"is_read_only":false,"filter":{"query":"source:python"},"processors":[{"name":"Apply + OCSF schema for 3001","is_enabled":true,"mappers":[{"name":"activity_id and + activity_name","categories":[{"filter":{"query":"@eventName:(*Create*)"},"name":"Create","id":1},{"filter":{"query":"@eventName:(ChangePassword + OR PasswordUpdated)"},"name":"Password Change","id":3},{"filter":{"query":"@eventName:(*Attach*)"},"name":"Attach + Policy","id":7},{"filter":{"query":"@eventName:(*Detach* OR *Remove*)"},"name":"Detach + Policy","id":8},{"filter":{"query":"@eventName:(*Delete*)"},"name":"Delete","id":6},{"filter":{"query":"@eventName:*"},"name":"Other","id":99}],"targets":{"name":"ocsf.activity_name","id":"ocsf.activity_id"},"fallback":{"values":{"ocsf.activity_id":"99","ocsf.activity_name":"Other"},"sources":{"ocsf.activity_name":["eventName"]}},"type":"schema-category-mapper"},{"name":"status","categories":[{"filter":{"query":"-@errorCode:*"},"name":"Success","id":1},{"filter":{"query":"@errorCode:*"},"name":"Failure","id":2}],"targets":{"name":"ocsf.status","id":"ocsf.status_id"},"fallback":{"values":{},"sources":{}},"type":"schema-category-mapper"},{"name":"Set + default severity","categories":[{"filter":{"query":"@eventName:*"},"name":"Informational","id":1}],"targets":{"name":"ocsf.severity","id":"ocsf.severity_id"},"fallback":{"values":{},"sources":{}},"type":"schema-category-mapper"},{"name":"Map + userIdentity to ocsf.user.uid","sources":["userIdentity.principalId","responseElements.role.roleId","responseElements.user.userId"],"target":"ocsf.user.uid","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + userName to ocsf.user.name","sources":["requestParameters.userName","responseElements.role.roleName","requestParameters.roleName","responseElements.user.userName"],"target":"ocsf.user.name","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + api to ocsf.api","sources":["api"],"target":"ocsf.api","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + user to ocsf.user","sources":["user"],"target":"ocsf.user","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + actor to ocsf.actor","sources":["actor"],"target":"ocsf.actor","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + cloud to ocsf.cloud","sources":["cloud"],"target":"ocsf.cloud","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + http_request to ocsf.http_request","sources":["http_request"],"target":"ocsf.http_request","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + metadata to ocsf.metadata","sources":["metadata"],"target":"ocsf.metadata","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + time to ocsf.time","sources":["time"],"target":"ocsf.time","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + src_endpoint to ocsf.src_endpoint","sources":["src_endpoint"],"target":"ocsf.src_endpoint","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + severity to ocsf.severity","sources":["severity"],"target":"ocsf.severity","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + severity_id to ocsf.severity_id","sources":["severity_id"],"target":"ocsf.severity_id","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"}],"schema":{"schema_type":"ocsf","version":"1.5.0","class_name":"Account + Change","class_uid":3001,"extensions":[],"profiles":["cloud","datetime"]},"type":"schema-processor"}],"tags":[]} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Wed, 22 Oct 2025 19:11:58 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v1/logs/config/pipelines/-qkKiJPYTne-113i8XJ_Nw + response: + body: + encoding: UTF-8 + string: '{} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-true-returns-OK-response.frozen b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-true-returns-OK-response.frozen new file mode 100644 index 000000000000..bd4fc475d303 --- /dev/null +++ b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-true-returns-OK-response.frozen @@ -0,0 +1 @@ +2025-10-22T19:11:59.195Z \ No newline at end of file diff --git a/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-true-returns-OK-response.yml b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-true-returns-OK-response.yml new file mode 100644 index 000000000000..f3de326d2fe7 --- /dev/null +++ b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-Schema-Processor-and-preserve-source-true-returns-OK-response.yml @@ -0,0 +1,83 @@ +http_interactions: +- recorded_at: Wed, 22 Oct 2025 19:11:59 GMT + request: + body: + encoding: UTF-8 + string: '{"filter":{"query":"source:python"},"name":"testSchemaProcessor","processors":[{"is_enabled":true,"mappers":[{"categories":[{"filter":{"query":"@eventName:(*Create*)"},"id":1,"name":"Create"},{"filter":{"query":"@eventName:(ChangePassword + OR PasswordUpdated)"},"id":3,"name":"Password Change"},{"filter":{"query":"@eventName:(*Attach*)"},"id":7,"name":"Attach + Policy"},{"filter":{"query":"@eventName:(*Detach* OR *Remove*)"},"id":8,"name":"Detach + Policy"},{"filter":{"query":"@eventName:(*Delete*)"},"id":6,"name":"Delete"},{"filter":{"query":"@eventName:*"},"id":99,"name":"Other"}],"fallback":{"sources":{"ocsf.activity_name":["eventName"]},"values":{"ocsf.activity_id":"99","ocsf.activity_name":"Other"}},"name":"activity_id + and activity_name","targets":{"id":"ocsf.activity_id","name":"ocsf.activity_name"},"type":"schema-category-mapper"},{"categories":[{"filter":{"query":"-@errorCode:*"},"id":1,"name":"Success"},{"filter":{"query":"@errorCode:*"},"id":2,"name":"Failure"}],"name":"status","targets":{"id":"ocsf.status_id","name":"ocsf.status"},"type":"schema-category-mapper"},{"categories":[{"filter":{"query":"@eventName:*"},"id":1,"name":"Informational"}],"name":"Set + default severity","targets":{"id":"ocsf.severity_id","name":"ocsf.severity"},"type":"schema-category-mapper"},{"name":"Map + userIdentity to ocsf.user.uid","preserve_source":true,"sources":["userIdentity.principalId","responseElements.role.roleId","responseElements.user.userId"],"target":"ocsf.user.uid","type":"schema-remapper"},{"name":"Map + userName to ocsf.user.name","preserve_source":true,"sources":["requestParameters.userName","responseElements.role.roleName","requestParameters.roleName","responseElements.user.userName"],"target":"ocsf.user.name","type":"schema-remapper"},{"name":"Map + api to ocsf.api","preserve_source":true,"sources":["api"],"target":"ocsf.api","type":"schema-remapper"},{"name":"Map + user to ocsf.user","preserve_source":true,"sources":["user"],"target":"ocsf.user","type":"schema-remapper"},{"name":"Map + actor to ocsf.actor","preserve_source":true,"sources":["actor"],"target":"ocsf.actor","type":"schema-remapper"},{"name":"Map + cloud to ocsf.cloud","preserve_source":true,"sources":["cloud"],"target":"ocsf.cloud","type":"schema-remapper"},{"name":"Map + http_request to ocsf.http_request","preserve_source":true,"sources":["http_request"],"target":"ocsf.http_request","type":"schema-remapper"},{"name":"Map + metadata to ocsf.metadata","preserve_source":true,"sources":["metadata"],"target":"ocsf.metadata","type":"schema-remapper"},{"name":"Map + time to ocsf.time","preserve_source":true,"sources":["time"],"target":"ocsf.time","type":"schema-remapper"},{"name":"Map + src_endpoint to ocsf.src_endpoint","preserve_source":true,"sources":["src_endpoint"],"target":"ocsf.src_endpoint","type":"schema-remapper"},{"name":"Map + severity to ocsf.severity","preserve_source":true,"sources":["severity"],"target":"ocsf.severity","type":"schema-remapper"},{"name":"Map + severity_id to ocsf.severity_id","preserve_source":true,"sources":["severity_id"],"target":"ocsf.severity_id","type":"schema-remapper"}],"name":"Apply + OCSF schema for 3001","schema":{"class_name":"Account Change","class_uid":3001,"profiles":["cloud","datetime"],"schema_type":"ocsf","version":"1.5.0"},"type":"schema-processor"}],"tags":[]}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v1/logs/config/pipelines + response: + body: + encoding: UTF-8 + string: '{"id":"ReEWRVSbQ-ersoCn0Ibo6g","type":"pipeline","name":"testSchemaProcessor","is_enabled":false,"is_read_only":false,"filter":{"query":"source:python"},"processors":[{"name":"Apply + OCSF schema for 3001","is_enabled":true,"mappers":[{"name":"activity_id and + activity_name","categories":[{"filter":{"query":"@eventName:(*Create*)"},"name":"Create","id":1},{"filter":{"query":"@eventName:(ChangePassword + OR PasswordUpdated)"},"name":"Password Change","id":3},{"filter":{"query":"@eventName:(*Attach*)"},"name":"Attach + Policy","id":7},{"filter":{"query":"@eventName:(*Detach* OR *Remove*)"},"name":"Detach + Policy","id":8},{"filter":{"query":"@eventName:(*Delete*)"},"name":"Delete","id":6},{"filter":{"query":"@eventName:*"},"name":"Other","id":99}],"targets":{"name":"ocsf.activity_name","id":"ocsf.activity_id"},"fallback":{"values":{"ocsf.activity_id":"99","ocsf.activity_name":"Other"},"sources":{"ocsf.activity_name":["eventName"]}},"type":"schema-category-mapper"},{"name":"status","categories":[{"filter":{"query":"-@errorCode:*"},"name":"Success","id":1},{"filter":{"query":"@errorCode:*"},"name":"Failure","id":2}],"targets":{"name":"ocsf.status","id":"ocsf.status_id"},"fallback":{"values":{},"sources":{}},"type":"schema-category-mapper"},{"name":"Set + default severity","categories":[{"filter":{"query":"@eventName:*"},"name":"Informational","id":1}],"targets":{"name":"ocsf.severity","id":"ocsf.severity_id"},"fallback":{"values":{},"sources":{}},"type":"schema-category-mapper"},{"name":"Map + userIdentity to ocsf.user.uid","sources":["userIdentity.principalId","responseElements.role.roleId","responseElements.user.userId"],"target":"ocsf.user.uid","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + userName to ocsf.user.name","sources":["requestParameters.userName","responseElements.role.roleName","requestParameters.roleName","responseElements.user.userName"],"target":"ocsf.user.name","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + api to ocsf.api","sources":["api"],"target":"ocsf.api","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + user to ocsf.user","sources":["user"],"target":"ocsf.user","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + actor to ocsf.actor","sources":["actor"],"target":"ocsf.actor","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + cloud to ocsf.cloud","sources":["cloud"],"target":"ocsf.cloud","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + http_request to ocsf.http_request","sources":["http_request"],"target":"ocsf.http_request","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + metadata to ocsf.metadata","sources":["metadata"],"target":"ocsf.metadata","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + time to ocsf.time","sources":["time"],"target":"ocsf.time","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + src_endpoint to ocsf.src_endpoint","sources":["src_endpoint"],"target":"ocsf.src_endpoint","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + severity to ocsf.severity","sources":["severity"],"target":"ocsf.severity","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + severity_id to ocsf.severity_id","sources":["severity_id"],"target":"ocsf.severity_id","preserve_source":true,"override_on_conflict":false,"type":"schema-remapper"}],"schema":{"schema_type":"ocsf","version":"1.5.0","class_name":"Account + Change","class_uid":3001,"extensions":[],"profiles":["cloud","datetime"]},"type":"schema-processor"}],"tags":[]} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Wed, 22 Oct 2025 19:11:59 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v1/logs/config/pipelines/ReEWRVSbQ-ersoCn0Ibo6g + response: + body: + encoding: UTF-8 + string: '{} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-schema-processor.frozen b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-schema-processor.frozen new file mode 100644 index 000000000000..ac0d5b77e902 --- /dev/null +++ b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-schema-processor.frozen @@ -0,0 +1 @@ +2025-10-22T19:12:00.030Z \ No newline at end of file diff --git a/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-schema-processor.yml b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-schema-processor.yml new file mode 100644 index 000000000000..ef2772f1c916 --- /dev/null +++ b/cassettes/features/v1/logs_pipelines/Create-a-pipeline-with-schema-processor.yml @@ -0,0 +1,83 @@ +http_interactions: +- recorded_at: Wed, 22 Oct 2025 19:12:00 GMT + request: + body: + encoding: UTF-8 + string: '{"filter":{"query":"source:python"},"name":"testSchemaProcessor","processors":[{"is_enabled":true,"mappers":[{"categories":[{"filter":{"query":"@eventName:(*Create*)"},"id":1,"name":"Create"},{"filter":{"query":"@eventName:(ChangePassword + OR PasswordUpdated)"},"id":3,"name":"Password Change"},{"filter":{"query":"@eventName:(*Attach*)"},"id":7,"name":"Attach + Policy"},{"filter":{"query":"@eventName:(*Detach* OR *Remove*)"},"id":8,"name":"Detach + Policy"},{"filter":{"query":"@eventName:(*Delete*)"},"id":6,"name":"Delete"},{"filter":{"query":"@eventName:*"},"id":99,"name":"Other"}],"fallback":{"sources":{"ocsf.activity_name":["eventName"]},"values":{"ocsf.activity_id":"99","ocsf.activity_name":"Other"}},"name":"activity_id + and activity_name","targets":{"id":"ocsf.activity_id","name":"ocsf.activity_name"},"type":"schema-category-mapper"},{"categories":[{"filter":{"query":"-@errorCode:*"},"id":1,"name":"Success"},{"filter":{"query":"@errorCode:*"},"id":2,"name":"Failure"}],"name":"status","targets":{"id":"ocsf.status_id","name":"ocsf.status"},"type":"schema-category-mapper"},{"categories":[{"filter":{"query":"@eventName:*"},"id":1,"name":"Informational"}],"name":"Set + default severity","targets":{"id":"ocsf.severity_id","name":"ocsf.severity"},"type":"schema-category-mapper"},{"name":"Map + userIdentity to ocsf.user.uid","sources":["userIdentity.principalId","responseElements.role.roleId","responseElements.user.userId"],"target":"ocsf.user.uid","type":"schema-remapper"},{"name":"Map + userName to ocsf.user.name","sources":["requestParameters.userName","responseElements.role.roleName","requestParameters.roleName","responseElements.user.userName"],"target":"ocsf.user.name","type":"schema-remapper"},{"name":"Map + api to ocsf.api","sources":["api"],"target":"ocsf.api","type":"schema-remapper"},{"name":"Map + user to ocsf.user","sources":["user"],"target":"ocsf.user","type":"schema-remapper"},{"name":"Map + actor to ocsf.actor","sources":["actor"],"target":"ocsf.actor","type":"schema-remapper"},{"name":"Map + cloud to ocsf.cloud","sources":["cloud"],"target":"ocsf.cloud","type":"schema-remapper"},{"name":"Map + http_request to ocsf.http_request","sources":["http_request"],"target":"ocsf.http_request","type":"schema-remapper"},{"name":"Map + metadata to ocsf.metadata","sources":["metadata"],"target":"ocsf.metadata","type":"schema-remapper"},{"name":"Map + time to ocsf.time","sources":["time"],"target":"ocsf.time","type":"schema-remapper"},{"name":"Map + src_endpoint to ocsf.src_endpoint","sources":["src_endpoint"],"target":"ocsf.src_endpoint","type":"schema-remapper"},{"name":"Map + severity to ocsf.severity","sources":["severity"],"target":"ocsf.severity","type":"schema-remapper"},{"name":"Map + severity_id to ocsf.severity_id","sources":["severity_id"],"target":"ocsf.severity_id","type":"schema-remapper"}],"name":"Apply + OCSF schema for 3001","schema":{"class_name":"Account Change","class_uid":3001,"profiles":["cloud","datetime"],"schema_type":"ocsf","version":"1.5.0"},"type":"schema-processor"}],"tags":[]}' + headers: + Accept: + - application/json + Content-Type: + - application/json + method: POST + uri: https://api.datadoghq.com/api/v1/logs/config/pipelines + response: + body: + encoding: UTF-8 + string: '{"id":"1unf0vMNQKSSwzsg6BuWMw","type":"pipeline","name":"testSchemaProcessor","is_enabled":false,"is_read_only":false,"filter":{"query":"source:python"},"processors":[{"name":"Apply + OCSF schema for 3001","is_enabled":true,"mappers":[{"name":"activity_id and + activity_name","categories":[{"filter":{"query":"@eventName:(*Create*)"},"name":"Create","id":1},{"filter":{"query":"@eventName:(ChangePassword + OR PasswordUpdated)"},"name":"Password Change","id":3},{"filter":{"query":"@eventName:(*Attach*)"},"name":"Attach + Policy","id":7},{"filter":{"query":"@eventName:(*Detach* OR *Remove*)"},"name":"Detach + Policy","id":8},{"filter":{"query":"@eventName:(*Delete*)"},"name":"Delete","id":6},{"filter":{"query":"@eventName:*"},"name":"Other","id":99}],"targets":{"name":"ocsf.activity_name","id":"ocsf.activity_id"},"fallback":{"values":{"ocsf.activity_id":"99","ocsf.activity_name":"Other"},"sources":{"ocsf.activity_name":["eventName"]}},"type":"schema-category-mapper"},{"name":"status","categories":[{"filter":{"query":"-@errorCode:*"},"name":"Success","id":1},{"filter":{"query":"@errorCode:*"},"name":"Failure","id":2}],"targets":{"name":"ocsf.status","id":"ocsf.status_id"},"fallback":{"values":{},"sources":{}},"type":"schema-category-mapper"},{"name":"Set + default severity","categories":[{"filter":{"query":"@eventName:*"},"name":"Informational","id":1}],"targets":{"name":"ocsf.severity","id":"ocsf.severity_id"},"fallback":{"values":{},"sources":{}},"type":"schema-category-mapper"},{"name":"Map + userIdentity to ocsf.user.uid","sources":["userIdentity.principalId","responseElements.role.roleId","responseElements.user.userId"],"target":"ocsf.user.uid","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + userName to ocsf.user.name","sources":["requestParameters.userName","responseElements.role.roleName","requestParameters.roleName","responseElements.user.userName"],"target":"ocsf.user.name","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + api to ocsf.api","sources":["api"],"target":"ocsf.api","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + user to ocsf.user","sources":["user"],"target":"ocsf.user","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + actor to ocsf.actor","sources":["actor"],"target":"ocsf.actor","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + cloud to ocsf.cloud","sources":["cloud"],"target":"ocsf.cloud","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + http_request to ocsf.http_request","sources":["http_request"],"target":"ocsf.http_request","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + metadata to ocsf.metadata","sources":["metadata"],"target":"ocsf.metadata","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + time to ocsf.time","sources":["time"],"target":"ocsf.time","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + src_endpoint to ocsf.src_endpoint","sources":["src_endpoint"],"target":"ocsf.src_endpoint","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + severity to ocsf.severity","sources":["severity"],"target":"ocsf.severity","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"},{"name":"Map + severity_id to ocsf.severity_id","sources":["severity_id"],"target":"ocsf.severity_id","preserve_source":false,"override_on_conflict":false,"type":"schema-remapper"}],"schema":{"schema_type":"ocsf","version":"1.5.0","class_name":"Account + Change","class_uid":3001,"extensions":[],"profiles":["cloud","datetime"]},"type":"schema-processor"}],"tags":[]} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +- recorded_at: Wed, 22 Oct 2025 19:12:00 GMT + request: + body: null + headers: + Accept: + - '*/*' + method: DELETE + uri: https://api.datadoghq.com/api/v1/logs/config/pipelines/1unf0vMNQKSSwzsg6BuWMw + response: + body: + encoding: UTF-8 + string: '{} + + ' + headers: + Content-Type: + - application/json + status: + code: 200 + message: OK +recorded_with: VCR 6.0.0 diff --git a/examples/v1/logs-pipelines/CreateLogsPipeline_1745625064.rb b/examples/v1/logs-pipelines/CreateLogsPipeline_1745625064.rb new file mode 100644 index 000000000000..39bb20cc93aa --- /dev/null +++ b/examples/v1/logs-pipelines/CreateLogsPipeline_1745625064.rb @@ -0,0 +1,248 @@ +# Create a pipeline with Schema Processor and preserve_source true returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V1::LogsPipelinesAPI.new + +body = DatadogAPIClient::V1::LogsPipeline.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "source:python", + }), + name: "testSchemaProcessor", + processors: [ + DatadogAPIClient::V1::LogsSchemaProcessor.new({ + type: DatadogAPIClient::V1::LogsSchemaProcessorType::SCHEMA_PROCESSOR, + is_enabled: true, + name: "Apply OCSF schema for 3001", + schema: DatadogAPIClient::V1::LogsSchemaData.new({ + schema_type: "ocsf", + version: "1.5.0", + class_uid: 3001, + class_name: "Account Change", + profiles: [ + "cloud", + "datetime", + ], + }), + mappers: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "activity_id and activity_name", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Create*)", + }), + name: "Create", + id: 1, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(ChangePassword OR PasswordUpdated)", + }), + name: "Password Change", + id: 3, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Attach*)", + }), + name: "Attach Policy", + id: 7, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Detach* OR *Remove*)", + }), + name: "Detach Policy", + id: 8, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Delete*)", + }), + name: "Delete", + id: 6, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:*", + }), + name: "Other", + id: 99, + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + name: "ocsf.activity_name", + id: "ocsf.activity_id", + }), + fallback: DatadogAPIClient::V1::LogsSchemaCategoryMapperFallback.new({ + values: { + "ocsf.activity_id" => "99", "ocsf.activity_name" => "Other", + }, + sources: { + "ocsf.activity_name" => [ + "eventName", + ], + }, + }), + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "status", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "-@errorCode:*", + }), + id: 1, + name: "Success", + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@errorCode:*", + }), + id: 2, + name: "Failure", + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + id: "ocsf.status_id", + name: "ocsf.status", + }), + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "Set default severity", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:*", + }), + name: "Informational", + id: 1, + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + name: "ocsf.severity", + id: "ocsf.severity_id", + }), + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map userIdentity to ocsf.user.uid", + sources: [ + "userIdentity.principalId", + "responseElements.role.roleId", + "responseElements.user.userId", + ], + target: "ocsf.user.uid", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map userName to ocsf.user.name", + sources: [ + "requestParameters.userName", + "responseElements.role.roleName", + "requestParameters.roleName", + "responseElements.user.userName", + ], + target: "ocsf.user.name", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map api to ocsf.api", + sources: [ + "api", + ], + target: "ocsf.api", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map user to ocsf.user", + sources: [ + "user", + ], + target: "ocsf.user", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map actor to ocsf.actor", + sources: [ + "actor", + ], + target: "ocsf.actor", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map cloud to ocsf.cloud", + sources: [ + "cloud", + ], + target: "ocsf.cloud", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map http_request to ocsf.http_request", + sources: [ + "http_request", + ], + target: "ocsf.http_request", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map metadata to ocsf.metadata", + sources: [ + "metadata", + ], + target: "ocsf.metadata", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map time to ocsf.time", + sources: [ + "time", + ], + target: "ocsf.time", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map src_endpoint to ocsf.src_endpoint", + sources: [ + "src_endpoint", + ], + target: "ocsf.src_endpoint", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map severity to ocsf.severity", + sources: [ + "severity", + ], + target: "ocsf.severity", + preserve_source: true, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map severity_id to ocsf.severity_id", + sources: [ + "severity_id", + ], + target: "ocsf.severity_id", + preserve_source: true, + }), + ], + }), + ], + tags: [], +}) +p api_instance.create_logs_pipeline(body) diff --git a/examples/v1/logs-pipelines/CreateLogsPipeline_2256674867.rb b/examples/v1/logs-pipelines/CreateLogsPipeline_2256674867.rb new file mode 100644 index 000000000000..3db230ee4e7f --- /dev/null +++ b/examples/v1/logs-pipelines/CreateLogsPipeline_2256674867.rb @@ -0,0 +1,248 @@ +# Create a pipeline with Schema Processor and preserve_source false returns "OK" response + +require "datadog_api_client" +api_instance = DatadogAPIClient::V1::LogsPipelinesAPI.new + +body = DatadogAPIClient::V1::LogsPipeline.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "source:python", + }), + name: "testSchemaProcessor", + processors: [ + DatadogAPIClient::V1::LogsSchemaProcessor.new({ + type: DatadogAPIClient::V1::LogsSchemaProcessorType::SCHEMA_PROCESSOR, + is_enabled: true, + name: "Apply OCSF schema for 3001", + schema: DatadogAPIClient::V1::LogsSchemaData.new({ + schema_type: "ocsf", + version: "1.5.0", + class_uid: 3001, + class_name: "Account Change", + profiles: [ + "cloud", + "datetime", + ], + }), + mappers: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "activity_id and activity_name", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Create*)", + }), + name: "Create", + id: 1, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(ChangePassword OR PasswordUpdated)", + }), + name: "Password Change", + id: 3, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Attach*)", + }), + name: "Attach Policy", + id: 7, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Detach* OR *Remove*)", + }), + name: "Detach Policy", + id: 8, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Delete*)", + }), + name: "Delete", + id: 6, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:*", + }), + name: "Other", + id: 99, + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + name: "ocsf.activity_name", + id: "ocsf.activity_id", + }), + fallback: DatadogAPIClient::V1::LogsSchemaCategoryMapperFallback.new({ + values: { + "ocsf.activity_id" => "99", "ocsf.activity_name" => "Other", + }, + sources: { + "ocsf.activity_name" => [ + "eventName", + ], + }, + }), + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "status", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "-@errorCode:*", + }), + id: 1, + name: "Success", + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@errorCode:*", + }), + id: 2, + name: "Failure", + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + id: "ocsf.status_id", + name: "ocsf.status", + }), + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "Set default severity", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:*", + }), + name: "Informational", + id: 1, + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + name: "ocsf.severity", + id: "ocsf.severity_id", + }), + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map userIdentity to ocsf.user.uid", + sources: [ + "userIdentity.principalId", + "responseElements.role.roleId", + "responseElements.user.userId", + ], + target: "ocsf.user.uid", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map userName to ocsf.user.name", + sources: [ + "requestParameters.userName", + "responseElements.role.roleName", + "requestParameters.roleName", + "responseElements.user.userName", + ], + target: "ocsf.user.name", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map api to ocsf.api", + sources: [ + "api", + ], + target: "ocsf.api", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map user to ocsf.user", + sources: [ + "user", + ], + target: "ocsf.user", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map actor to ocsf.actor", + sources: [ + "actor", + ], + target: "ocsf.actor", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map cloud to ocsf.cloud", + sources: [ + "cloud", + ], + target: "ocsf.cloud", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map http_request to ocsf.http_request", + sources: [ + "http_request", + ], + target: "ocsf.http_request", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map metadata to ocsf.metadata", + sources: [ + "metadata", + ], + target: "ocsf.metadata", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map time to ocsf.time", + sources: [ + "time", + ], + target: "ocsf.time", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map src_endpoint to ocsf.src_endpoint", + sources: [ + "src_endpoint", + ], + target: "ocsf.src_endpoint", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map severity to ocsf.severity", + sources: [ + "severity", + ], + target: "ocsf.severity", + preserve_source: false, + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map severity_id to ocsf.severity_id", + sources: [ + "severity_id", + ], + target: "ocsf.severity_id", + preserve_source: false, + }), + ], + }), + ], + tags: [], +}) +p api_instance.create_logs_pipeline(body) diff --git a/examples/v1/logs-pipelines/CreateLogsPipeline_501419705.rb b/examples/v1/logs-pipelines/CreateLogsPipeline_501419705.rb new file mode 100644 index 000000000000..89fa6fefb4ac --- /dev/null +++ b/examples/v1/logs-pipelines/CreateLogsPipeline_501419705.rb @@ -0,0 +1,236 @@ +# Create a pipeline with schema processor + +require "datadog_api_client" +api_instance = DatadogAPIClient::V1::LogsPipelinesAPI.new + +body = DatadogAPIClient::V1::LogsPipeline.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "source:python", + }), + name: "testSchemaProcessor", + processors: [ + DatadogAPIClient::V1::LogsSchemaProcessor.new({ + type: DatadogAPIClient::V1::LogsSchemaProcessorType::SCHEMA_PROCESSOR, + is_enabled: true, + name: "Apply OCSF schema for 3001", + schema: DatadogAPIClient::V1::LogsSchemaData.new({ + schema_type: "ocsf", + version: "1.5.0", + class_uid: 3001, + class_name: "Account Change", + profiles: [ + "cloud", + "datetime", + ], + }), + mappers: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "activity_id and activity_name", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Create*)", + }), + name: "Create", + id: 1, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(ChangePassword OR PasswordUpdated)", + }), + name: "Password Change", + id: 3, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Attach*)", + }), + name: "Attach Policy", + id: 7, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Detach* OR *Remove*)", + }), + name: "Detach Policy", + id: 8, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:(*Delete*)", + }), + name: "Delete", + id: 6, + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:*", + }), + name: "Other", + id: 99, + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + name: "ocsf.activity_name", + id: "ocsf.activity_id", + }), + fallback: DatadogAPIClient::V1::LogsSchemaCategoryMapperFallback.new({ + values: { + "ocsf.activity_id" => "99", "ocsf.activity_name" => "Other", + }, + sources: { + "ocsf.activity_name" => [ + "eventName", + ], + }, + }), + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "status", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "-@errorCode:*", + }), + id: 1, + name: "Success", + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@errorCode:*", + }), + id: 2, + name: "Failure", + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + id: "ocsf.status_id", + name: "ocsf.status", + }), + }), + DatadogAPIClient::V1::LogsSchemaCategoryMapper.new({ + type: DatadogAPIClient::V1::LogsSchemaCategoryMapperType::SCHEMA_CATEGORY_MAPPER, + name: "Set default severity", + categories: [ + DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory.new({ + filter: DatadogAPIClient::V1::LogsFilter.new({ + query: "@eventName:*", + }), + name: "Informational", + id: 1, + }), + ], + targets: DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets.new({ + name: "ocsf.severity", + id: "ocsf.severity_id", + }), + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map userIdentity to ocsf.user.uid", + sources: [ + "userIdentity.principalId", + "responseElements.role.roleId", + "responseElements.user.userId", + ], + target: "ocsf.user.uid", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map userName to ocsf.user.name", + sources: [ + "requestParameters.userName", + "responseElements.role.roleName", + "requestParameters.roleName", + "responseElements.user.userName", + ], + target: "ocsf.user.name", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map api to ocsf.api", + sources: [ + "api", + ], + target: "ocsf.api", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map user to ocsf.user", + sources: [ + "user", + ], + target: "ocsf.user", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map actor to ocsf.actor", + sources: [ + "actor", + ], + target: "ocsf.actor", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map cloud to ocsf.cloud", + sources: [ + "cloud", + ], + target: "ocsf.cloud", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map http_request to ocsf.http_request", + sources: [ + "http_request", + ], + target: "ocsf.http_request", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map metadata to ocsf.metadata", + sources: [ + "metadata", + ], + target: "ocsf.metadata", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map time to ocsf.time", + sources: [ + "time", + ], + target: "ocsf.time", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map src_endpoint to ocsf.src_endpoint", + sources: [ + "src_endpoint", + ], + target: "ocsf.src_endpoint", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map severity to ocsf.severity", + sources: [ + "severity", + ], + target: "ocsf.severity", + }), + DatadogAPIClient::V1::LogsSchemaRemapper.new({ + type: DatadogAPIClient::V1::LogsSchemaRemapperType::SCHEMA_REMAPPER, + name: "Map severity_id to ocsf.severity_id", + sources: [ + "severity_id", + ], + target: "ocsf.severity_id", + }), + ], + }), + ], + tags: [], +}) +p api_instance.create_logs_pipeline(body) diff --git a/features/v1/logs_pipelines.feature b/features/v1/logs_pipelines.feature index cdb150dd6edf..5f7dde5db679 100644 --- a/features/v1/logs_pipelines.feature +++ b/features/v1/logs_pipelines.feature @@ -77,6 +77,20 @@ Feature: Logs Pipelines When the request is sent Then the response status is 200 OK + @team:DataDog/event-platform-experience + Scenario: Create a pipeline with Schema Processor and preserve_source false returns "OK" response + Given new "CreateLogsPipeline" request + And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid", "preserve_source": false}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name", "preserve_source": false}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api", "preserve_source": false}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user", "preserve_source": false}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor", "preserve_source": false}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud", "preserve_source": false}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request", "preserve_source": false}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata", "preserve_source": false}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time", "preserve_source": false}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint", "preserve_source": false}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity", "preserve_source": false}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id", "preserve_source": false}]}], "tags": []} + When the request is sent + Then the response status is 200 OK + + @team:DataDog/event-platform-experience + Scenario: Create a pipeline with Schema Processor and preserve_source true returns "OK" response + Given new "CreateLogsPipeline" request + And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid", "preserve_source": true}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name", "preserve_source": true}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api", "preserve_source": true}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user", "preserve_source": true}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor", "preserve_source": true}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud", "preserve_source": true}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request", "preserve_source": true}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata", "preserve_source": true}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time", "preserve_source": true}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint", "preserve_source": true}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity", "preserve_source": true}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id", "preserve_source": true}]}], "tags": []} + When the request is sent + Then the response status is 200 OK + @team:DataDog/event-platform-experience Scenario: Create a pipeline with Span Id Remapper returns "OK" response Given new "CreateLogsPipeline" request @@ -84,6 +98,13 @@ Feature: Logs Pipelines When the request is sent Then the response status is 200 OK + @team:DataDog/event-platform-experience + Scenario: Create a pipeline with schema processor + Given new "CreateLogsPipeline" request + And body with value {"filter": {"query": "source:python"}, "name": "testSchemaProcessor", "processors": [{"type": "schema-processor", "is_enabled": true, "name": "Apply OCSF schema for 3001", "schema": {"schema_type": "ocsf", "version": "1.5.0", "class_uid": 3001, "class_name": "Account Change", "profiles": ["cloud", "datetime"]}, "mappers": [{"type": "schema-category-mapper", "name": "activity_id and activity_name", "categories": [{"filter": {"query": "@eventName:(*Create*)"}, "name": "Create", "id": 1}, {"filter": {"query": "@eventName:(ChangePassword OR PasswordUpdated)"}, "name": "Password Change", "id": 3}, {"filter": {"query": "@eventName:(*Attach*)"}, "name": "Attach Policy", "id": 7}, {"filter": {"query": "@eventName:(*Detach* OR *Remove*)"}, "name": "Detach Policy", "id": 8}, {"filter": {"query": "@eventName:(*Delete*)"}, "name": "Delete", "id": 6}, {"filter": {"query": "@eventName:*"}, "name": "Other", "id": 99}], "targets": {"name": "ocsf.activity_name", "id": "ocsf.activity_id"}, "fallback": {"values": {"ocsf.activity_id": "99", "ocsf.activity_name": "Other"}, "sources": {"ocsf.activity_name": ["eventName"]}}}, {"type": "schema-category-mapper", "name": "status", "categories": [{"filter": {"query": "-@errorCode:*"}, "id": 1, "name": "Success"}, {"filter": {"query": "@errorCode:*"}, "id": 2, "name": "Failure"}], "targets": {"id": "ocsf.status_id", "name": "ocsf.status"}}, {"type": "schema-category-mapper", "name": "Set default severity", "categories": [{"filter": {"query": "@eventName:*"}, "name": "Informational", "id": 1}], "targets": {"name": "ocsf.severity", "id": "ocsf.severity_id"}}, {"type": "schema-remapper", "name": "Map userIdentity to ocsf.user.uid", "sources": ["userIdentity.principalId", "responseElements.role.roleId", "responseElements.user.userId"], "target": "ocsf.user.uid"}, {"type": "schema-remapper", "name": "Map userName to ocsf.user.name", "sources": ["requestParameters.userName", "responseElements.role.roleName", "requestParameters.roleName", "responseElements.user.userName"], "target": "ocsf.user.name"}, {"type": "schema-remapper", "name": "Map api to ocsf.api", "sources": ["api"], "target": "ocsf.api"}, {"type": "schema-remapper", "name": "Map user to ocsf.user", "sources": ["user"], "target": "ocsf.user"}, {"type": "schema-remapper", "name": "Map actor to ocsf.actor", "sources": ["actor"], "target": "ocsf.actor"}, {"type": "schema-remapper", "name": "Map cloud to ocsf.cloud", "sources": ["cloud"], "target": "ocsf.cloud"}, {"type": "schema-remapper", "name": "Map http_request to ocsf.http_request", "sources": ["http_request"], "target": "ocsf.http_request"}, {"type": "schema-remapper", "name": "Map metadata to ocsf.metadata", "sources": ["metadata"], "target": "ocsf.metadata"}, {"type": "schema-remapper", "name": "Map time to ocsf.time", "sources": ["time"], "target": "ocsf.time"}, {"type": "schema-remapper", "name": "Map src_endpoint to ocsf.src_endpoint", "sources": ["src_endpoint"], "target": "ocsf.src_endpoint"}, {"type": "schema-remapper", "name": "Map severity to ocsf.severity", "sources": ["severity"], "target": "ocsf.severity"}, {"type": "schema-remapper", "name": "Map severity_id to ocsf.severity_id", "sources": ["severity_id"], "target": "ocsf.severity_id"}]}], "tags": []} + When the request is sent + Then the response status is 200 OK + @generated @skip @team:DataDog/event-platform-experience Scenario: Delete a pipeline returns "Bad Request" response Given new "DeleteLogsPipeline" request diff --git a/lib/datadog_api_client/inflector.rb b/lib/datadog_api_client/inflector.rb index ae10e695b91a..20eddf729f9b 100644 --- a/lib/datadog_api_client/inflector.rb +++ b/lib/datadog_api_client/inflector.rb @@ -282,6 +282,17 @@ def overrides "v1.logs_query_compute" => "LogsQueryCompute", "v1.logs_retention_agg_sum_usage" => "LogsRetentionAggSumUsage", "v1.logs_retention_sum_usage" => "LogsRetentionSumUsage", + "v1.logs_schema_category_mapper" => "LogsSchemaCategoryMapper", + "v1.logs_schema_category_mapper_category" => "LogsSchemaCategoryMapperCategory", + "v1.logs_schema_category_mapper_fallback" => "LogsSchemaCategoryMapperFallback", + "v1.logs_schema_category_mapper_targets" => "LogsSchemaCategoryMapperTargets", + "v1.logs_schema_category_mapper_type" => "LogsSchemaCategoryMapperType", + "v1.logs_schema_data" => "LogsSchemaData", + "v1.logs_schema_mapper" => "LogsSchemaMapper", + "v1.logs_schema_processor" => "LogsSchemaProcessor", + "v1.logs_schema_processor_type" => "LogsSchemaProcessorType", + "v1.logs_schema_remapper" => "LogsSchemaRemapper", + "v1.logs_schema_remapper_type" => "LogsSchemaRemapperType", "v1.logs_service_remapper" => "LogsServiceRemapper", "v1.logs_service_remapper_type" => "LogsServiceRemapperType", "v1.logs_sort" => "LogsSort", diff --git a/lib/datadog_api_client/v1/models/logs_processor.rb b/lib/datadog_api_client/v1/models/logs_processor.rb index 328f4676fc1f..f3e8958851b3 100644 --- a/lib/datadog_api_client/v1/models/logs_processor.rb +++ b/lib/datadog_api_client/v1/models/logs_processor.rb @@ -44,7 +44,8 @@ def openapi_one_of :'LogsTraceRemapper', :'LogsSpanRemapper', :'LogsArrayProcessor', - :'LogsDecoderProcessor' + :'LogsDecoderProcessor', + :'LogsSchemaProcessor' ] end # Builds the object diff --git a/lib/datadog_api_client/v1/models/logs_schema_category_mapper.rb b/lib/datadog_api_client/v1/models/logs_schema_category_mapper.rb new file mode 100644 index 000000000000..3f8842681e12 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_category_mapper.rb @@ -0,0 +1,211 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Use the Schema Category Mapper to categorize log event into enum fields. + # In the case of OCSF, they can be used to map sibling fields which are composed of an ID and a name. + # + # **Notes**: + # + # - The syntax of the query is the one of Logs Explorer search bar. + # The query can be done on any log attribute or tag, whether it is a facet or not. + # Wildcards can also be used inside your query. + # - Categories are executed in order and processing stops at the first match. + # Make sure categories are properly ordered in case a log could match multiple queries. + # - Sibling fields always have a numerical ID field and a human-readable string name. + # - A fallback section handles cases where the name or ID value matches a specific value. + # If the name matches "Other" or the ID matches 99, the value of the sibling name field will be pulled from a source field from the original log. + class LogsSchemaCategoryMapper + include BaseGenericModel + + # Array of filters to match or not a log and their + # corresponding `name` to assign a custom value to the log. + attr_reader :categories + + # Used to override hardcoded category values with a value pulled from a source attribute on the log. + attr_accessor :fallback + + # Name of the logs schema category mapper. + attr_reader :name + + # Name of the target attributes which value is defined by the matching category. + attr_reader :targets + + # Type of logs schema category mapper. + attr_reader :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'categories' => :'categories', + :'fallback' => :'fallback', + :'name' => :'name', + :'targets' => :'targets', + :'type' => :'type' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'categories' => :'Array', + :'fallback' => :'LogsSchemaCategoryMapperFallback', + :'name' => :'String', + :'targets' => :'LogsSchemaCategoryMapperTargets', + :'type' => :'LogsSchemaCategoryMapperType' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaCategoryMapper` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'categories') + if (value = attributes[:'categories']).is_a?(Array) + self.categories = value + end + end + + if attributes.key?(:'fallback') + self.fallback = attributes[:'fallback'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'targets') + self.targets = attributes[:'targets'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @categories.nil? + return false if @name.nil? + return false if @targets.nil? + return false if @type.nil? + true + end + + # Custom attribute writer method with validation + # @param categories [Object] Object to be assigned + # @!visibility private + def categories=(categories) + if categories.nil? + fail ArgumentError, 'invalid value for "categories", categories cannot be nil.' + end + @categories = categories + end + + # Custom attribute writer method with validation + # @param name [Object] Object to be assigned + # @!visibility private + def name=(name) + if name.nil? + fail ArgumentError, 'invalid value for "name", name cannot be nil.' + end + @name = name + end + + # Custom attribute writer method with validation + # @param targets [Object] Object to be assigned + # @!visibility private + def targets=(targets) + if targets.nil? + fail ArgumentError, 'invalid value for "targets", targets cannot be nil.' + end + @targets = targets + end + + # Custom attribute writer method with validation + # @param type [Object] Object to be assigned + # @!visibility private + def type=(type) + if type.nil? + fail ArgumentError, 'invalid value for "type", type cannot be nil.' + end + @type = type + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + categories == o.categories && + fallback == o.fallback && + name == o.name && + targets == o.targets && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [categories, fallback, name, targets, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_category_mapper_category.rb b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_category.rb new file mode 100644 index 000000000000..4c81c745aad7 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_category.rb @@ -0,0 +1,165 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Object describing the logs filter with corresponding category ID and name assignment. + class LogsSchemaCategoryMapperCategory + include BaseGenericModel + + # Filter for logs. + attr_reader :filter + + # ID to inject into the category. + attr_reader :id + + # Value to assign to target schema field. + attr_reader :name + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'filter' => :'filter', + :'id' => :'id', + :'name' => :'name' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'filter' => :'LogsFilter', + :'id' => :'Integer', + :'name' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaCategoryMapperCategory` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'filter') + self.filter = attributes[:'filter'] + end + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @filter.nil? + return false if @id.nil? + return false if @name.nil? + true + end + + # Custom attribute writer method with validation + # @param filter [Object] Object to be assigned + # @!visibility private + def filter=(filter) + if filter.nil? + fail ArgumentError, 'invalid value for "filter", filter cannot be nil.' + end + @filter = filter + end + + # Custom attribute writer method with validation + # @param id [Object] Object to be assigned + # @!visibility private + def id=(id) + if id.nil? + fail ArgumentError, 'invalid value for "id", id cannot be nil.' + end + @id = id + end + + # Custom attribute writer method with validation + # @param name [Object] Object to be assigned + # @!visibility private + def name=(name) + if name.nil? + fail ArgumentError, 'invalid value for "name", name cannot be nil.' + end + @name = name + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + filter == o.filter && + id == o.id && + name == o.name && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [filter, id, name, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_category_mapper_fallback.rb b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_fallback.rb new file mode 100644 index 000000000000..ef5f5770fe04 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_fallback.rb @@ -0,0 +1,115 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Used to override hardcoded category values with a value pulled from a source attribute on the log. + class LogsSchemaCategoryMapperFallback + include BaseGenericModel + + # Fallback sources used to populate value of field. + attr_accessor :sources + + # Values that define when the fallback is used. + attr_accessor :values + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'sources' => :'sources', + :'values' => :'values' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'sources' => :'Hash>', + :'values' => :'Hash' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaCategoryMapperFallback` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'sources') + self.sources = attributes[:'sources'] + end + + if attributes.key?(:'values') + self.values = attributes[:'values'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + sources == o.sources && + values == o.values && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [sources, values, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_category_mapper_targets.rb b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_targets.rb new file mode 100644 index 000000000000..e53abd8478d5 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_targets.rb @@ -0,0 +1,115 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Name of the target attributes which value is defined by the matching category. + class LogsSchemaCategoryMapperTargets + include BaseGenericModel + + # ID of the field to map log attributes to. + attr_accessor :id + + # Name of the field to map log attributes to. + attr_accessor :name + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'id' => :'id', + :'name' => :'name' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'id' => :'String', + :'name' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaCategoryMapperTargets` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'id') + self.id = attributes[:'id'] + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + id == o.id && + name == o.name && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [id, name, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_category_mapper_type.rb b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_type.rb new file mode 100644 index 000000000000..2b114e8e6127 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_category_mapper_type.rb @@ -0,0 +1,26 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Type of logs schema category mapper. + class LogsSchemaCategoryMapperType + include BaseEnumModel + + SCHEMA_CATEGORY_MAPPER = "schema-category-mapper".freeze + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_data.rb b/lib/datadog_api_client/v1/models/logs_schema_data.rb new file mode 100644 index 000000000000..8438d19c4401 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_data.rb @@ -0,0 +1,198 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Configuration of the schema data to use. + class LogsSchemaData + include BaseGenericModel + + # Class name of the schema to use. + attr_reader :class_name + + # Class UID of the schema to use. + attr_reader :class_uid + + # Optional list of profiles to modify the schema. + attr_accessor :profiles + + # Type of schema to use. + attr_reader :schema_type + + # Version of the schema to use. + attr_reader :version + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'class_name' => :'class_name', + :'class_uid' => :'class_uid', + :'profiles' => :'profiles', + :'schema_type' => :'schema_type', + :'version' => :'version' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'class_name' => :'String', + :'class_uid' => :'Integer', + :'profiles' => :'Array', + :'schema_type' => :'String', + :'version' => :'String' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaData` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'class_name') + self.class_name = attributes[:'class_name'] + end + + if attributes.key?(:'class_uid') + self.class_uid = attributes[:'class_uid'] + end + + if attributes.key?(:'profiles') + if (value = attributes[:'profiles']).is_a?(Array) + self.profiles = value + end + end + + if attributes.key?(:'schema_type') + self.schema_type = attributes[:'schema_type'] + end + + if attributes.key?(:'version') + self.version = attributes[:'version'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @class_name.nil? + return false if @class_uid.nil? + return false if @schema_type.nil? + return false if @version.nil? + true + end + + # Custom attribute writer method with validation + # @param class_name [Object] Object to be assigned + # @!visibility private + def class_name=(class_name) + if class_name.nil? + fail ArgumentError, 'invalid value for "class_name", class_name cannot be nil.' + end + @class_name = class_name + end + + # Custom attribute writer method with validation + # @param class_uid [Object] Object to be assigned + # @!visibility private + def class_uid=(class_uid) + if class_uid.nil? + fail ArgumentError, 'invalid value for "class_uid", class_uid cannot be nil.' + end + @class_uid = class_uid + end + + # Custom attribute writer method with validation + # @param schema_type [Object] Object to be assigned + # @!visibility private + def schema_type=(schema_type) + if schema_type.nil? + fail ArgumentError, 'invalid value for "schema_type", schema_type cannot be nil.' + end + @schema_type = schema_type + end + + # Custom attribute writer method with validation + # @param version [Object] Object to be assigned + # @!visibility private + def version=(version) + if version.nil? + fail ArgumentError, 'invalid value for "version", version cannot be nil.' + end + @version = version + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + class_name == o.class_name && + class_uid == o.class_uid && + profiles == o.profiles && + schema_type == o.schema_type && + version == o.version && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [class_name, class_uid, profiles, schema_type, version, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_mapper.rb b/lib/datadog_api_client/v1/models/logs_schema_mapper.rb new file mode 100644 index 000000000000..4ee36d3d0e1e --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_mapper.rb @@ -0,0 +1,63 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Configuration of the schema processor mapper to use. + module LogsSchemaMapper + class << self + include BaseOneOfModel + include BaseOneOfModelNoDiscriminator + + # List of class defined in oneOf (OpenAPI v3) + def openapi_one_of + [ + :'LogsSchemaRemapper', + :'LogsSchemaCategoryMapper' + ] + end + # Builds the object + # @param data [Mixed] Data to be matched against the list of oneOf items + # @return [Object] Returns the model or the data itself + def build(data) + # Go through the list of oneOf items and attempt to identify the appropriate one. + # Note: + # - We do not attempt to check whether exactly one item matches. + # - No advanced validation of types in some cases (e.g. "x: { type: string }" will happily match { x: 123 }) + # due to the way the deserialization is made in the base_object template (it just casts without verifying). + # - TODO: scalar values are de facto behaving as if they were nullable. + # - TODO: logging when debugging is set. + openapi_one_of.each do |klass| + begin + next if klass == :AnyType # "nullable: true" + typed_data = find_and_cast_into_type(klass, data) + next if typed_data.respond_to?(:_unparsed) && typed_data._unparsed + return typed_data if typed_data + rescue # rescue all errors so we keep iterating even if the current item lookup raises + end + end + + if openapi_one_of.include?(:AnyType) + data + else + self._unparsed = true + DatadogAPIClient::UnparsedObject.new(data) + end + end + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_processor.rb b/lib/datadog_api_client/v1/models/logs_schema_processor.rb new file mode 100644 index 000000000000..f4b37453688f --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_processor.rb @@ -0,0 +1,198 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # A processor that has additional validations and checks for a given schema. Currently supported schema types include OCSF. + class LogsSchemaProcessor + include BaseGenericModel + + # Whether or not the processor is enabled. + attr_accessor :is_enabled + + # The `LogsSchemaProcessor` `mappers`. + attr_reader :mappers + + # Name of the processor. + attr_reader :name + + # Configuration of the schema data to use. + attr_reader :schema + + # Type of logs schema processor. + attr_reader :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'is_enabled' => :'is_enabled', + :'mappers' => :'mappers', + :'name' => :'name', + :'schema' => :'schema', + :'type' => :'type' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'is_enabled' => :'Boolean', + :'mappers' => :'Array', + :'name' => :'String', + :'schema' => :'LogsSchemaData', + :'type' => :'LogsSchemaProcessorType' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaProcessor` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'is_enabled') + self.is_enabled = attributes[:'is_enabled'] + end + + if attributes.key?(:'mappers') + if (value = attributes[:'mappers']).is_a?(Array) + self.mappers = value + end + end + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'schema') + self.schema = attributes[:'schema'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @mappers.nil? + return false if @name.nil? + return false if @schema.nil? + return false if @type.nil? + true + end + + # Custom attribute writer method with validation + # @param mappers [Object] Object to be assigned + # @!visibility private + def mappers=(mappers) + if mappers.nil? + fail ArgumentError, 'invalid value for "mappers", mappers cannot be nil.' + end + @mappers = mappers + end + + # Custom attribute writer method with validation + # @param name [Object] Object to be assigned + # @!visibility private + def name=(name) + if name.nil? + fail ArgumentError, 'invalid value for "name", name cannot be nil.' + end + @name = name + end + + # Custom attribute writer method with validation + # @param schema [Object] Object to be assigned + # @!visibility private + def schema=(schema) + if schema.nil? + fail ArgumentError, 'invalid value for "schema", schema cannot be nil.' + end + @schema = schema + end + + # Custom attribute writer method with validation + # @param type [Object] Object to be assigned + # @!visibility private + def type=(type) + if type.nil? + fail ArgumentError, 'invalid value for "type", type cannot be nil.' + end + @type = type + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + is_enabled == o.is_enabled && + mappers == o.mappers && + name == o.name && + schema == o.schema && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [is_enabled, mappers, name, schema, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_processor_type.rb b/lib/datadog_api_client/v1/models/logs_schema_processor_type.rb new file mode 100644 index 000000000000..5b287e4c620e --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_processor_type.rb @@ -0,0 +1,26 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Type of logs schema processor. + class LogsSchemaProcessorType + include BaseEnumModel + + SCHEMA_PROCESSOR = "schema-processor".freeze + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_remapper.rb b/lib/datadog_api_client/v1/models/logs_schema_remapper.rb new file mode 100644 index 000000000000..82c7fc985ecc --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_remapper.rb @@ -0,0 +1,220 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # The schema remapper maps source log fields to their correct fields. + class LogsSchemaRemapper + include BaseGenericModel + + # Name of the logs schema remapper. + attr_reader :name + + # Override or not the target element if already set. + attr_accessor :override_on_conflict + + # Remove or preserve the remapped source element. + attr_accessor :preserve_source + + # Array of source attributes. + attr_reader :sources + + # Target field to map log source field to. + attr_reader :target + + # If the `target_type` of the remapper is `attribute`, try to cast the value to a new specific type. + # If the cast is not possible, the original type is kept. `string`, `integer`, or `double` are the possible types. + # If the `target_type` is `tag`, this parameter may not be specified. + attr_accessor :target_format + + # Type of logs schema remapper. + attr_reader :type + + attr_accessor :additional_properties + + # Attribute mapping from ruby-style variable name to JSON key. + # @!visibility private + def self.attribute_map + { + :'name' => :'name', + :'override_on_conflict' => :'override_on_conflict', + :'preserve_source' => :'preserve_source', + :'sources' => :'sources', + :'target' => :'target', + :'target_format' => :'target_format', + :'type' => :'type' + } + end + + # Attribute type mapping. + # @!visibility private + def self.openapi_types + { + :'name' => :'String', + :'override_on_conflict' => :'Boolean', + :'preserve_source' => :'Boolean', + :'sources' => :'Array', + :'target' => :'String', + :'target_format' => :'TargetFormatType', + :'type' => :'LogsSchemaRemapperType' + } + end + + # Initializes the object + # @param attributes [Hash] Model attributes in the form of hash + # @!visibility private + def initialize(attributes = {}) + if (!attributes.is_a?(Hash)) + fail ArgumentError, "The input argument (attributes) must be a hash in `DatadogAPIClient::V1::LogsSchemaRemapper` initialize method" + end + + self.additional_properties = {} + # check to see if the attribute exists and convert string to symbol for hash key + attributes = attributes.each_with_object({}) { |(k, v), h| + if (!self.class.attribute_map.key?(k.to_sym)) + self.additional_properties[k.to_sym] = v + else + h[k.to_sym] = v + end + } + + if attributes.key?(:'name') + self.name = attributes[:'name'] + end + + if attributes.key?(:'override_on_conflict') + self.override_on_conflict = attributes[:'override_on_conflict'] + end + + if attributes.key?(:'preserve_source') + self.preserve_source = attributes[:'preserve_source'] + end + + if attributes.key?(:'sources') + if (value = attributes[:'sources']).is_a?(Array) + self.sources = value + end + end + + if attributes.key?(:'target') + self.target = attributes[:'target'] + end + + if attributes.key?(:'target_format') + self.target_format = attributes[:'target_format'] + end + + if attributes.key?(:'type') + self.type = attributes[:'type'] + end + end + + # Check to see if the all the properties in the model are valid + # @return true if the model is valid + # @!visibility private + def valid? + return false if @name.nil? + return false if @sources.nil? + return false if @target.nil? + return false if @type.nil? + true + end + + # Custom attribute writer method with validation + # @param name [Object] Object to be assigned + # @!visibility private + def name=(name) + if name.nil? + fail ArgumentError, 'invalid value for "name", name cannot be nil.' + end + @name = name + end + + # Custom attribute writer method with validation + # @param sources [Object] Object to be assigned + # @!visibility private + def sources=(sources) + if sources.nil? + fail ArgumentError, 'invalid value for "sources", sources cannot be nil.' + end + @sources = sources + end + + # Custom attribute writer method with validation + # @param target [Object] Object to be assigned + # @!visibility private + def target=(target) + if target.nil? + fail ArgumentError, 'invalid value for "target", target cannot be nil.' + end + @target = target + end + + # Custom attribute writer method with validation + # @param type [Object] Object to be assigned + # @!visibility private + def type=(type) + if type.nil? + fail ArgumentError, 'invalid value for "type", type cannot be nil.' + end + @type = type + end + + # Returns the object in the form of hash, with additionalProperties support. + # @return [Hash] Returns the object in the form of hash + # @!visibility private + def to_hash + hash = {} + self.class.attribute_map.each_pair do |attr, param| + value = self.send(attr) + if value.nil? + is_nullable = self.class.openapi_nullable.include?(attr) + next if !is_nullable || (is_nullable && !instance_variable_defined?(:"@#{attr}")) + end + + hash[param] = _to_hash(value) + end + self.additional_properties.each_pair do |attr, value| + hash[attr] = value + end + hash + end + + # Checks equality by comparing each attribute. + # @param o [Object] Object to be compared + # @!visibility private + def ==(o) + return true if self.equal?(o) + self.class == o.class && + name == o.name && + override_on_conflict == o.override_on_conflict && + preserve_source == o.preserve_source && + sources == o.sources && + target == o.target && + target_format == o.target_format && + type == o.type && + additional_properties == o.additional_properties + end + + # Calculates hash code according to all attributes. + # @return [Integer] Hash code + # @!visibility private + def hash + [name, override_on_conflict, preserve_source, sources, target, target_format, type, additional_properties].hash + end + end +end diff --git a/lib/datadog_api_client/v1/models/logs_schema_remapper_type.rb b/lib/datadog_api_client/v1/models/logs_schema_remapper_type.rb new file mode 100644 index 000000000000..0277dd3d02c7 --- /dev/null +++ b/lib/datadog_api_client/v1/models/logs_schema_remapper_type.rb @@ -0,0 +1,26 @@ +=begin +#Datadog API V1 Collection + +#Collection of all Datadog Public endpoints. + +The version of the OpenAPI document: 1.0 +Contact: support@datadoghq.com +Generated by: https://github.com/DataDog/datadog-api-client-ruby/tree/master/.generator + + Unless explicitly stated otherwise all files in this repository are licensed under the Apache-2.0 License. + This product includes software developed at Datadog (https://www.datadoghq.com/). + Copyright 2020-Present Datadog, Inc. + +=end + +require 'date' +require 'time' + +module DatadogAPIClient::V1 + # Type of logs schema remapper. + class LogsSchemaRemapperType + include BaseEnumModel + + SCHEMA_REMAPPER = "schema-remapper".freeze + end +end