Field extraction policy creation and management endpoints in the REST API
Create and manage field extraction policies that are used to extract fields from log messages.
POST/policies
Create a field extraction policy
Authorization: Bearer <JWT_token>
Example request body
"name": "Field Extraction Policy",
"description": "Description of the field extraction policy",
"selection_criteria": "( message contains 'Critical' )",
"configurations": [
{
"name": "Extraction Config",
"type": "EXTRACTION",
"display_order": 1,
"details":{
"logField":"$.message",
"regex": "(?<ip>\S+) (?<user>\S+) (?<time>\[[^]]+\]) (?<method>[^ ]+)",
"sampleInput":"127.0.0.1 Frank [10/Oct/2000:13:55:36 -0700] GET /apache_pb.gif HTTP/1.0 200 2326",
"fieldsToExtract": [
"ip",
"user",
"method"
]
}
}
],
"enabled": true,
"execution_order": 0
}
Response codes
Code | Description |
|---|---|
201 | Field extraction policy is created successfully. Returns the policy ID in the payload. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON. |
500 | Unexpected condition encountered. Contact BMC Support. |
PUT/policies/{id}
Update a field extraction policy by ID
Authorization: Bearer <JWT_token>
Parameter details
Example request body
"name": "Field Extraction Policy",
"description": "Description of the field extraction policy",
"selection_criteria": "( message contains 'Critical' )",
"configurations": [
{
"name": "Extraction Config",
"type": "EXTRACTION",
"display_order": 1,
"details":{
"logField":"$.message",
"regex": "(?<ip>\S+) (?<user>\S+) (?<time>\[[^]]+\]) (?<method>[^ ]+)",
"sampleInput":"127.0.0.1 Frank [10/Oct/2000:13:55:36 -0700] GET /apache_pb.gif HTTP/1.0 200 2326",
"fieldsToExtract": [
"ip",
"user",
"method"
]
}
}
],
"enabled": true,
"execution_order": 0
}
Response codes
Code | Description |
|---|---|
200 | Field extraction policy is updated successfully. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
404 | The field extraction policy ID is not found. |
415 | Incorrect request format. Ensure that the request format is JSON and field extraction policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
GET/policies/{id}
Get a field extraction policy by ID
Authorization: Bearer <JWT_token>
Parameter details
Response codes
Code | Description |
|---|---|
200 | Field extraction policies returned successfully. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
404 | The field extraction policy ID is not found. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/search
Search field extraction policies
Authorization: Bearer <JWT_token>
Example request body
"page_index": 1,
"page_size": 100,
"search_string": "name = 'Field Extraction Policy' and enabled = true",
"sort_criteria": "name DESC, enabled ASC"
}
Response codes
Code | Description |
|---|---|
200 | Field extraction policies are found. Returns details of the policies in the payload. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and field extraction policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/enable
Enable field extraction policies
Authorization: Bearer <JWT_token>
Example request body
"ids": [
"a00a0a00-a000-00a0-a000-0a000aa0a0a0"
]
}
Response codes
Code | Description |
|---|---|
200 | Field extraction policies are enabled successfully. |
207 | Some field extraction policies are enabled. IDs of the policies that are not enabled are returned. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and field extraction policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/disable
Disable field extraction policies
Authorization: Bearer <JWT_token>
Example request body
"ids": [
"a00a0a00-a000-00a0-a000-0a000aa0a0a0"
]
}
Response codes
Code | Description |
|---|---|
200 | Field extraction policies are disabled successfully. |
207 | Some field extraction policies are disabled. IDs of the policies that are not disabled are returned. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and field extraction policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
DELETE/policies
Delete field extraction policies
Authorization: Bearer <JWT_token>
For instructions on obtaining the JWT token, see Access and authentication for the REST API..
Example request body
"id": [
"a00a0a00-a000-00a0-a000-0a000aa0a0a0"
]
}
Response codes
Code | Description |
|---|---|
200 | Field extraction policies are deleted successfully. |
207 | Some field extraction policies are deleted. IDs of the policies that are not deleted are returned. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the request format is JSON and field extraction policy IDs are correct. |
500 | Unexpected condition encountered. Contact BMC Support. |
POST/policies/regex/extract
Evaluate regular expression to extract fields
Authorization: Bearer <JWT_token>
Example request body
"regex": "(?<ip>\\S+) (?<user>\\S+) (?<time>\\[[^]]+]) (?<method>\"[^\"]+\") (?<status>\\S+) (?<bytes>\\S+)",
"sampleInput": "127.0.0.1 Frank [10/Oct/2000:13:55:36 -0700] \"GET /apache_pb.gif HTTP/1.0\" 200 2326"
}
Response codes
Code | Description |
|---|---|
200 | Regular expression matches the sample input. |
400 | Error for invalid data. Check if all input values are valid. |
401 | Authorization failure. Verify JWT. |
403 | Permission denied. Verify the roles assigned to you. |
415 | Incorrect request format. Ensure that the regular expression and sample input match correctly. |
500 | Unexpected condition encountered. Contact BMC Support. |