Docs Home
Sumo Logic v1.0.7 published on Friday, Apr 11, 2025 by Pulumi
sumologic.CseMatchRule
Explore with Pulumi AI
Provides a Sumo Logic CSE Match Rule.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const matchRule = new sumologic.CseMatchRule("match_rule", {
descriptionExpression: "Signal description",
enabled: true,
entitySelectors: [{
entityType: "_ip",
expression: "srcDevice_ip",
}],
expression: "objectType = \"Network\"",
isPrototype: false,
name: "Match Rule Example",
nameExpression: "Signal name",
severityMapping: {
type: "constant",
"default": 5,
},
summaryExpression: "Signal summary",
tags: ["_mitreAttackTactic:TA0009"],
suppressionWindowSize: 2100000,
});
import pulumi
import pulumi_sumologic as sumologic
match_rule = sumologic.CseMatchRule("match_rule",
description_expression="Signal description",
enabled=True,
entity_selectors=[{
"entity_type": "_ip",
"expression": "srcDevice_ip",
}],
expression="objectType = \"Network\"",
is_prototype=False,
name="Match Rule Example",
name_expression="Signal name",
severity_mapping={
"type": "constant",
"default": 5,
},
summary_expression="Signal summary",
tags=["_mitreAttackTactic:TA0009"],
suppression_window_size=2100000)
package main
import (
"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sumologic.NewCseMatchRule(ctx, "match_rule", &sumologic.CseMatchRuleArgs{
DescriptionExpression: pulumi.String("Signal description"),
Enabled: pulumi.Bool(true),
EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
&sumologic.CseMatchRuleEntitySelectorArgs{
EntityType: pulumi.String("_ip"),
Expression: pulumi.String("srcDevice_ip"),
},
},
Expression: pulumi.String("objectType = \"Network\""),
IsPrototype: pulumi.Bool(false),
Name: pulumi.String("Match Rule Example"),
NameExpression: pulumi.String("Signal name"),
SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
Type: pulumi.String("constant"),
Default: pulumi.Int(5),
},
SummaryExpression: pulumi.String("Signal summary"),
Tags: pulumi.StringArray{
pulumi.String("_mitreAttackTactic:TA0009"),
},
SuppressionWindowSize: pulumi.Int(2100000),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using SumoLogic = Pulumi.SumoLogic;
return await Deployment.RunAsync(() =>
{
var matchRule = new SumoLogic.CseMatchRule("match_rule", new()
{
DescriptionExpression = "Signal description",
Enabled = true,
EntitySelectors = new[]
{
new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
{
EntityType = "_ip",
Expression = "srcDevice_ip",
},
},
Expression = "objectType = \"Network\"",
IsPrototype = false,
Name = "Match Rule Example",
NameExpression = "Signal name",
SeverityMapping = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
{
Type = "constant",
Default = 5,
},
SummaryExpression = "Signal summary",
Tags = new[]
{
"_mitreAttackTactic:TA0009",
},
SuppressionWindowSize = 2100000,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseMatchRule;
import com.pulumi.sumologic.CseMatchRuleArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleEntitySelectorArgs;
import com.pulumi.sumologic.inputs.CseMatchRuleSeverityMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var matchRule = new CseMatchRule("matchRule", CseMatchRuleArgs.builder()
.descriptionExpression("Signal description")
.enabled(true)
.entitySelectors(CseMatchRuleEntitySelectorArgs.builder()
.entityType("_ip")
.expression("srcDevice_ip")
.build())
.expression("objectType = \"Network\"")
.isPrototype(false)
.name("Match Rule Example")
.nameExpression("Signal name")
.severityMapping(CseMatchRuleSeverityMappingArgs.builder()
.type("constant")
.default_(5)
.build())
.summaryExpression("Signal summary")
.tags("_mitreAttackTactic:TA0009")
.suppressionWindowSize(2100000)
.build());
}
}
resources:
matchRule:
type: sumologic:CseMatchRule
name: match_rule
properties:
descriptionExpression: Signal description
enabled: true
entitySelectors:
- entityType: _ip
expression: srcDevice_ip
expression: objectType = "Network"
isPrototype: false
name: Match Rule Example
nameExpression: Signal name
severityMapping:
type: constant
default: 5
summaryExpression: Signal summary
tags:
- _mitreAttackTactic:TA0009
suppressionWindowSize: 2.1e+06
Create CseMatchRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CseMatchRule(name: string, args: CseMatchRuleArgs, opts?: CustomResourceOptions);@overload
def CseMatchRule(resource_name: str,
args: CseMatchRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CseMatchRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
description_expression: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
expression: Optional[str] = None,
name_expression: Optional[str] = None,
severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
is_prototype: Optional[bool] = None,
name: Optional[str] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None)func NewCseMatchRule(ctx *Context, name string, args CseMatchRuleArgs, opts ...ResourceOption) (*CseMatchRule, error)public CseMatchRule(string name, CseMatchRuleArgs args, CustomResourceOptions? opts = null)public CseMatchRule(String name, CseMatchRuleArgs args)
public CseMatchRule(String name, CseMatchRuleArgs args, CustomResourceOptions options)
type: sumologic:CseMatchRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CseMatchRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. CseMatchRuleArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CseMatchRuleArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. CseMatchRuleArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. CseMatchRuleArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var cseMatchRuleResource = new SumoLogic.CseMatchRule("cseMatchRuleResource", new()
{
DescriptionExpression = "string",
Enabled = false,
EntitySelectors = new[]
{
new SumoLogic.Inputs.CseMatchRuleEntitySelectorArgs
{
EntityType = "string",
Expression = "string",
},
},
Expression = "string",
NameExpression = "string",
SeverityMapping = new SumoLogic.Inputs.CseMatchRuleSeverityMappingArgs
{
Type = "string",
Default = 0,
Field = "string",
Mappings = new[]
{
new SumoLogic.Inputs.CseMatchRuleSeverityMappingMappingArgs
{
From = "string",
To = 0,
Type = "string",
},
},
},
IsPrototype = false,
Name = "string",
SummaryExpression = "string",
SuppressionWindowSize = 0,
Tags = new[]
{
"string",
},
});
example, err := sumologic.NewCseMatchRule(ctx, "cseMatchRuleResource", &sumologic.CseMatchRuleArgs{
DescriptionExpression: pulumi.String("string"),
Enabled: pulumi.Bool(false),
EntitySelectors: sumologic.CseMatchRuleEntitySelectorArray{
&sumologic.CseMatchRuleEntitySelectorArgs{
EntityType: pulumi.String("string"),
Expression: pulumi.String("string"),
},
},
Expression: pulumi.String("string"),
NameExpression: pulumi.String("string"),
SeverityMapping: &sumologic.CseMatchRuleSeverityMappingArgs{
Type: pulumi.String("string"),
Default: pulumi.Int(0),
Field: pulumi.String("string"),
Mappings: sumologic.CseMatchRuleSeverityMappingMappingArray{
&sumologic.CseMatchRuleSeverityMappingMappingArgs{
From: pulumi.String("string"),
To: pulumi.Int(0),
Type: pulumi.String("string"),
},
},
},
IsPrototype: pulumi.Bool(false),
Name: pulumi.String("string"),
SummaryExpression: pulumi.String("string"),
SuppressionWindowSize: pulumi.Int(0),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
})
var cseMatchRuleResource = new CseMatchRule("cseMatchRuleResource", CseMatchRuleArgs.builder()
.descriptionExpression("string")
.enabled(false)
.entitySelectors(CseMatchRuleEntitySelectorArgs.builder()
.entityType("string")
.expression("string")
.build())
.expression("string")
.nameExpression("string")
.severityMapping(CseMatchRuleSeverityMappingArgs.builder()
.type("string")
.default_(0)
.field("string")
.mappings(CseMatchRuleSeverityMappingMappingArgs.builder()
.from("string")
.to(0)
.type("string")
.build())
.build())
.isPrototype(false)
.name("string")
.summaryExpression("string")
.suppressionWindowSize(0)
.tags("string")
.build());
cse_match_rule_resource = sumologic.CseMatchRule("cseMatchRuleResource",
description_expression="string",
enabled=False,
entity_selectors=[{
"entity_type": "string",
"expression": "string",
}],
expression="string",
name_expression="string",
severity_mapping={
"type": "string",
"default": 0,
"field": "string",
"mappings": [{
"from_": "string",
"to": 0,
"type": "string",
}],
},
is_prototype=False,
name="string",
summary_expression="string",
suppression_window_size=0,
tags=["string"])
const cseMatchRuleResource = new sumologic.CseMatchRule("cseMatchRuleResource", {
descriptionExpression: "string",
enabled: false,
entitySelectors: [{
entityType: "string",
expression: "string",
}],
expression: "string",
nameExpression: "string",
severityMapping: {
type: "string",
"default": 0,
field: "string",
mappings: [{
from: "string",
to: 0,
type: "string",
}],
},
isPrototype: false,
name: "string",
summaryExpression: "string",
suppressionWindowSize: 0,
tags: ["string"],
});
type: sumologic:CseMatchRule
properties:
descriptionExpression: string
enabled: false
entitySelectors:
- entityType: string
expression: string
expression: string
isPrototype: false
name: string
nameExpression: string
severityMapping:
default: 0
field: string
mappings:
- from: string
to: 0
type: string
type: string
summaryExpression: string
suppressionWindowSize: 0
tags:
- string
CseMatchRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The CseMatchRule resource accepts the following input properties:
- Description
Expression This property is required. string - The description of the generated Signals
- Enabled
This property is required. bool - Whether the rule should generate Signals
- Entity
Selectors This property is required. List<Pulumi.Sumo Logic. Inputs. Cse Match Rule Entity Selector> - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- Expression
This property is required. string - The expression for which records to match on
- Name
Expression This property is required. string - The name of the generated Signals
- Severity
Mapping This property is required. Pulumi.Sumo Logic. Inputs. Cse Match Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- List<string>
- The tags of the generated Signals
- Description
Expression This property is required. string - The description of the generated Signals
- Enabled
This property is required. bool - Whether the rule should generate Signals
- Entity
Selectors This property is required. []CseMatch Rule Entity Selector Args - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- Expression
This property is required. string - The expression for which records to match on
- Name
Expression This property is required. string - The name of the generated Signals
- Severity
Mapping This property is required. CseMatch Rule Severity Mapping Args - The configuration of how the severity of the Signals should be mapped from the Records
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- []string
- The tags of the generated Signals
- description
Expression This property is required. String - The description of the generated Signals
- enabled
This property is required. Boolean - Whether the rule should generate Signals
- entity
Selectors This property is required. List<CseMatch Rule Entity Selector> - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression
This property is required. String - The expression for which records to match on
- name
Expression This property is required. String - The name of the generated Signals
- severity
Mapping This property is required. CseMatch Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- summary
Expression String - The summary of the generated Signals
- suppression
Window IntegerSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- List<String>
- The tags of the generated Signals
- description
Expression This property is required. string - The description of the generated Signals
- enabled
This property is required. boolean - Whether the rule should generate Signals
- entity
Selectors This property is required. CseMatch Rule Entity Selector[] - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression
This property is required. string - The expression for which records to match on
- name
Expression This property is required. string - The name of the generated Signals
- severity
Mapping This property is required. CseMatch Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- name string
- The name of the Rule
- summary
Expression string - The summary of the generated Signals
- suppression
Window numberSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- string[]
- The tags of the generated Signals
- description_
expression This property is required. str - The description of the generated Signals
- enabled
This property is required. bool - Whether the rule should generate Signals
- entity_
selectors This property is required. Sequence[CseMatch Rule Entity Selector Args] - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression
This property is required. str - The expression for which records to match on
- name_
expression This property is required. str - The name of the generated Signals
- severity_
mapping This property is required. CseMatch Rule Severity Mapping Args - The configuration of how the severity of the Signals should be mapped from the Records
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- name str
- The name of the Rule
- summary_
expression str - The summary of the generated Signals
- suppression_
window_ intsize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- Sequence[str]
- The tags of the generated Signals
- description
Expression This property is required. String - The description of the generated Signals
- enabled
This property is required. Boolean - Whether the rule should generate Signals
- entity
Selectors This property is required. List<Property Map> - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression
This property is required. String - The expression for which records to match on
- name
Expression This property is required. String - The name of the generated Signals
- severity
Mapping This property is required. Property Map - The configuration of how the severity of the Signals should be mapped from the Records
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- summary
Expression String - The summary of the generated Signals
- suppression
Window NumberSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- List<String>
- The tags of the generated Signals
Outputs
All input properties are implicitly available as output properties. Additionally, the CseMatchRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CseMatchRule Resource
Get an existing CseMatchRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CseMatchRuleState, opts?: CustomResourceOptions): CseMatchRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
description_expression: Optional[str] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseMatchRuleEntitySelectorArgs]] = None,
expression: Optional[str] = None,
is_prototype: Optional[bool] = None,
name: Optional[str] = None,
name_expression: Optional[str] = None,
severity_mapping: Optional[CseMatchRuleSeverityMappingArgs] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None) -> CseMatchRulefunc GetCseMatchRule(ctx *Context, name string, id IDInput, state *CseMatchRuleState, opts ...ResourceOption) (*CseMatchRule, error)public static CseMatchRule Get(string name, Input<string> id, CseMatchRuleState? state, CustomResourceOptions? opts = null)public static CseMatchRule get(String name, Output<String> id, CseMatchRuleState state, CustomResourceOptions options)resources: _: type: sumologic:CseMatchRule get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Description
Expression string - The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Match Rule Entity Selector> - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- Expression string
- The expression for which records to match on
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Name
Expression string - The name of the generated Signals
- Severity
Mapping Pulumi.Sumo Logic. Inputs. Cse Match Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- List<string>
- The tags of the generated Signals
- Description
Expression string - The description of the generated Signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors []CseMatch Rule Entity Selector Args - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- Expression string
- The expression for which records to match on
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Name
Expression string - The name of the generated Signals
- Severity
Mapping CseMatch Rule Severity Mapping Args - The configuration of how the severity of the Signals should be mapped from the Records
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- []string
- The tags of the generated Signals
- description
Expression String - The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<CseMatch Rule Entity Selector> - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression String
- The expression for which records to match on
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- name
Expression String - The name of the generated Signals
- severity
Mapping CseMatch Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- summary
Expression String - The summary of the generated Signals
- suppression
Window IntegerSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- List<String>
- The tags of the generated Signals
- description
Expression string - The description of the generated Signals
- enabled boolean
- Whether the rule should generate Signals
- entity
Selectors CseMatch Rule Entity Selector[] - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression string
- The expression for which records to match on
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- name string
- The name of the Rule
- name
Expression string - The name of the generated Signals
- severity
Mapping CseMatch Rule Severity Mapping - The configuration of how the severity of the Signals should be mapped from the Records
- summary
Expression string - The summary of the generated Signals
- suppression
Window numberSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- string[]
- The tags of the generated Signals
- description_
expression str - The description of the generated Signals
- enabled bool
- Whether the rule should generate Signals
- entity_
selectors Sequence[CseMatch Rule Entity Selector Args] - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression str
- The expression for which records to match on
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- name str
- The name of the Rule
- name_
expression str - The name of the generated Signals
- severity_
mapping CseMatch Rule Severity Mapping Args - The configuration of how the severity of the Signals should be mapped from the Records
- summary_
expression str - The summary of the generated Signals
- suppression_
window_ intsize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- Sequence[str]
- The tags of the generated Signals
- description
Expression String - The description of the generated Signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<Property Map> - The entities to generate Signals on
entityType- (Required) The type of the entity to generate the Signal on.
- expression String
- The expression for which records to match on
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- name
Expression String - The name of the generated Signals
- severity
Mapping Property Map - The configuration of how the severity of the Signals should be mapped from the Records
- summary
Expression String - The summary of the generated Signals
- suppression
Window NumberSize For how long to suppress Signal generation, in milliseconds. Must be greater than 0 and less than the global limit of 7 days.
The following attributes are exported:
- List<String>
- The tags of the generated Signals
Supporting Types
CseMatchRuleEntitySelector, CseMatchRuleEntitySelectorArgs
, CseMatchRuleEntitySelectorArgs
- Entity
Type This property is required. string - Expression
This property is required. string - The expression or field name to generate the Signal on.
- Entity
Type This property is required. string - Expression
This property is required. string - The expression or field name to generate the Signal on.
- entity
Type This property is required. String - expression
This property is required. String - The expression or field name to generate the Signal on.
- entity
Type This property is required. string - expression
This property is required. string - The expression or field name to generate the Signal on.
- entity_
type This property is required. str - expression
This property is required. str - The expression or field name to generate the Signal on.
- entity
Type This property is required. String - expression
This property is required. String - The expression or field name to generate the Signal on.
CseMatchRuleSeverityMapping, CseMatchRuleSeverityMappingArgs
, CseMatchRuleSeverityMappingArgs
- Type
This property is required. string - Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- Default int
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- Field string
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- Mappings
List<Pulumi.
Sumo Logic. Inputs. Cse Match Rule Severity Mapping Mapping> - The map of record values to severities to use in the "fieldValueMapping" case
- Type
This property is required. string - Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- Default int
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- Field string
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- Mappings
[]Cse
Match Rule Severity Mapping Mapping - The map of record values to severities to use in the "fieldValueMapping" case
- type
This property is required. String - Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default_ Integer
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field String
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings
List<Cse
Match Rule Severity Mapping Mapping> - The map of record values to severities to use in the "fieldValueMapping" case
- type
This property is required. string - Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default number
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field string
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings
Cse
Match Rule Severity Mapping Mapping[] - The map of record values to severities to use in the "fieldValueMapping" case
- type
This property is required. str - Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default int
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field str
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings
Sequence[Cse
Match Rule Severity Mapping Mapping] - The map of record values to severities to use in the "fieldValueMapping" case
- type
This property is required. String - Whether to set a constant severity ("constant"), set the severity based on the direct value of a record field ("fieldValue"), or map a record field value to a severity ("fieldValueMapping").
- default Number
- The severity to use in the "constant" case or to fall back to if the field used by "fieldValue"/"fieldValueMapping" is not populated.
- field String
- The field to use in the "fieldValue"/"fieldValueMapping" cases.
- mappings List<Property Map>
- The map of record values to severities to use in the "fieldValueMapping" case
CseMatchRuleSeverityMappingMapping, CseMatchRuleSeverityMappingMappingArgs
, CseMatchRuleSeverityMappingMappingArgs
Import
Match Rules can be imported using the field id, e.g.:
hcl
$ pulumi import sumologic:index/cseMatchRule:CseMatchRule match_rule id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Sumo Logic pulumi/pulumi-sumologic
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sumologicTerraform Provider.