Enrichment policy creation and management endpoints in the REST API
Important
The DNS, GeoIP, and LDAP enrichment sources are not available starting with the 22.2 release. The existing enrichment policies that contain any of these enrichment sources will not enrich logs by using these sources. The CSV enrichment source will continue to enrich the logs.
Create and manage enrichment policies that are used to enrich the logs.
POST/policies
Create an enrichment policy
Authorization: Bearer <JWT_token>
Example request body
"name": "Log Enrichment Policy",
"description": "Dummy description",
"selection_criteria": "( Organization Equals 'HP' ) OR ( Host Equals 'bmc_host_name' )",
"configurations": [
{
"name": "CSV_Enrichment",
"type": "ENRICHMENT",
"details": {
"enrichment_type": "CSV",
"enrichment_source_id": "<ID_value>",
"enrichment_field_mapping": {
"$.hostname": "hostname"
},
"source_field_mapping": {
"ipaddress": "$.ipaddress"
}
},
"display_order": 1
}
],
"enabled": true,
"execution_order": 1
}
Response codes
Code | Description |
|---|---|
201 | Enrichment policy is created successfully. Returns the enrichment policy ID in the payload. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON. |
500 | Unexpected condition encountered. Contact BMC Support. |
PUT/policies/{id}
Update an enrichment policy by ID
Authorization: Bearer <JWT_token>
Parameter details
Example request body
"name": "Log Enrichment Policy",
"description": "Dummy description",
"selection_criteria": "( Organization Equals 'HP' ) OR ( Host Equals 'bmc_host_name' )",
"configurations": [
{
"name": "CSV_Enrichment",
"type": "ENRICHMENT",
"details": {
"enrichment_type": "CSV",
"enrichment_source_id": "<ID_value>",
"enrichment_field_mapping": {
"$.hostname": "hostname"
},
"source_field_mapping": {
"ipaddress": "$.ipaddress"
}
},
"display_order": 1
}
],
"enabled": true,
"execution_order": 1
}
Response codes
Code | Description |
|---|---|
200 | Enrichment policy is updated successfully. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
404 | The enrichment policy ID is not found. |
415 | Incorrect request format. Ensure that the request format is JSON and enrichment policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
GET/policies/{id}
Get an enrichment policy by ID
Authorization: Bearer <JWT_token>
Parameter details
Response codes
Code | Description |
|---|---|
200 | Enrichment policies returned successfully. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
404 | The enrichment policy ID is not found. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/search
Search enrichment policies
Authorization: Bearer <JWT_token>
Example request body
"page_index": 1,
"page_size": 100,
"search_string": "name = 'Log Enrichment Policy' and enabled = true",
"sort_criteria": "name DESC, enabled ASC"
}
Response codes
Code | Description |
|---|---|
200 | Enrichment policies are found. Returns details of the policies in the payload. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and enrichment policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/enable
Enable enrichment policies
Authorization: Bearer <JWT_token>
Example request body
"ids": [
"a00a0a00-a000-00a0-a000-0a000aa0a0a0"
]
}
Response codes
Code | Description |
|---|---|
200 | Enrichment policies are enabled successfully. |
207 | Some enrichment policies are enabled. IDs of the policies that are not enabled are returned. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and enrichment policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/disable
Disable enrichment policies
Authorization: Bearer <JWT_token>
Example request body
"ids": [
"a00a0a00-a000-00a0-a000-0a000aa0a0a0"
]
}
Response codes
Code | Description |
|---|---|
200 | Enrichment policies are disabled successfully. |
207 | Some enrichment policies are disabled. IDs of the policies that are not disabled are returned. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and enrichment policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
DELETE/policies
Delete enrichment policies
Authorization: Bearer <JWT_token>
For instructions on obtaining the JWT token, see Access and authentication for the REST API..
Example request body
"id": [
"a00a0a00-a000-00a0-a000-0a000aa0a0a0"
]
}
Response codes
Code | Description |
|---|---|
200 | Enrichment policies are deleted successfully. |
207 | Some enrichment policies are deleted. IDs of the policies that are not deleted are returned. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and enrichment policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |