@@ -75,15 +75,16 @@ The following arguments are supported:
7575- ` parent_id ` - (Required) The identifier of the folder to create the log search in.
7676- ` query_string ` - (Required) Log query to perform.
7777- ` query_parameters ` - (Optional) TODO Find a good description.
78- - ` parsing_mode ` - (Optional) Define the parsing mode to scan the JSON format log messages. Possible values are: ` AutoParse ` and ` Manual `
78+ - ` parsing_mode ` - (Optional) Define the parsing mode to scan the JSON format log messages. Possible values are:
79+ ` AutoParse ` and ` Manual ` . Default value is ` Manual ` .
7980
80- In AutoParse mode, the system automatically figures out fields to parse based on the search query. While in the
81- Manual mode, no fields are parsed out automatically. For more information see
81+ In ` AutoParse ` mode, the system automatically figures out fields to parse based on the search query. While in
82+ the ` Manual ` mode, no fields are parsed out automatically. For more information see
8283 [ Dynamic Parsing] ( https://help.sumologic.com/?cid=0011 ) .
8384- ` time_range ` - (Block List, Max: 1, Required) Time range of the log search. See [ time range schema] ( #schema-for-time_range )
8485- ` schedule ` - (Block List, Max: 1, Optional) Schedule of the log search. See [ schedule schema] ( #schema-for-schedule )
8586- ` run_by_receipt_time ` - (Optional) This has the value ` true ` if the search is to be run by receipt time and
86- ` false ` if it is to be run by message time.
87+ ` false ` if it is to be run by message time. Default value is ` false ` .
8788
8889
8990### Schema for ` schedule `
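Review bot: `query_parameters` at line 4 of this hunk still reads "(Optional) TODO Find a good description." while the surrounding lines are being polished; since this change is the one documenting defaults for `parsing_mode` and `run_by_receipt_time`, it is the natural place to replace that TODO with the actual description (what the parameters are, their format, and whether they are substituted into `query_string`). Also, `run_by_receipt_time` now has a documented default of `false`, but the text does not say which timestamp the scheduled search's `time_range` is evaluated against in each mode; one sentence making that explicit would help readers understand why the default matters for searches that should catch late-arriving log messages.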
@@ -92,6 +93,9 @@ The following arguments are supported:
9293- ` schedule_type ` - (Required) Run schedule of the scheduled search. Set to "Custom" to specify the schedule with
9394 a CRON expression. Possible schedule types are: ` RealTime ` , ` 15Minutes ` , ` 1Hour ` , ` 2Hours ` , ` 4Hours ` , ` 6Hours ` ,
9495 ` 8Hours ` , ` 12Hours ` , ` 1Day ` , ` 1Week ` , ` Custom ` .
96+
97+ -> With ` Custom ` , ` 1Day ` and ` 1Week ` schedule types you need to provide the corresponding cron expression
98+ to determine when to actually run the search. E.g. valid cron for ` 1Day ` is ` 0 0 16 ? * 2-6 * ` .
9599- ` displayable_time_range ` - (Optional) A human-friendly text describing the query time range. For e.g. "-2h",
96100 "last three days", "team default time"
97101- ` parseable_time_range ` - (Block List, Max: 1, Required) Time range of the scheduled log search. See
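Review bot: the new callout says `Custom`, `1Day` and `1Week` all require a cron expression, but the unchanged `schedule_type` description two lines above still says "Set to "Custom" to specify the schedule with a CRON expression", which now reads as if only `Custom` takes one; update that sentence so the two statements agree. The callout also refers to "the corresponding cron expression" without naming the argument that carries it, and the example `0 0 16 ? * 2-6 *` is a seven-field expression with a `?` day-of-month, so the doc should state the expected cron syntax (field count and `?` semantics) rather than leave readers to infer that a standard five-field crontab line will not be accepted.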
@@ -167,7 +171,7 @@ See [cse_signal_notification schema](#schema-for-cse_signal_notification) schema
167171- ` record_type ` - (Required) Name of the Cloud SIEM Enterprise Record to be created.
168172
169173### Schema for ` email_search_notification `
170- - ` subject_template ` - (Required ) Subject of the email. If the notification is scheduled with a threshold,
174+ - ` subject_template ` - (Optional ) Subject of the email. If the notification is scheduled with a threshold,
171175 the default subject template will be ` Search Alert: {{AlertCondition}} results found for {{SearchName}} ` .
172176 For email notifications without a threshold, the default subject template is ` Search Results: {{SearchName}} ` .
173177- ` to_list ` - (Block List, Required) A list of email recipients.
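Review bot: the change from `(Required )` to `(Optional )` is consistent with the next two lines, which already describe default subject templates for both the threshold and non-threshold cases, so marking it optional is correct; however, the stray space before the closing parenthesis is carried over from the old line and differs from the `(Optional)` / `(Required)` form used everywhere else in this file, so it should be `(Optional)`. Please also confirm that the provider's resource schema marks `subject_template` as optional with the documented defaults, since this hunk only changes the documentation.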
@@ -186,7 +190,7 @@ See [cse_signal_notification schema](#schema-for-cse_signal_notification) schema
186190
187191### Schema for ` service_now_search_notification `
188192- ` external_id ` - (Required) Service Now Identifier.
189- - ` fields ` - (Block List, Required ) Service Now fields.
193+ - ` fields ` - (Block List, Optional ) Service Now fields.
190194 - ` event_type ` - (Optional) The category that the event source uses to identify the event.
191195 - ` severity ` - (Optional) An integer value representing the severity of the alert. Supported values are:
192196 * 0 for Clear
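Review bot: making `fields` optional leaves the documentation silent on what is sent to ServiceNow when the block is omitted (the nested `event_type` and `severity` are themselves optional, so the resulting request could carry no category or severity at all); add a sentence stating the behaviour or defaults when `fields` is absent. As in the email notification hunk, `(Optional )` should be written `(Optional)` to match the rest of the file.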