Parsing rule creation and management endpoints in the REST API

Create and manage parsing rules that are used to parse the logs to be collected.

POST/rules
Create a parsing rule
Request URL
/logs-service/api/v1.0/collection/rules
Example request URL
https://HostA.bmc.com/logs-service/api/v1.0/collection/rules
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>


Example request body

{
   "id": "",
   "name": "Apache",
   "description": "Apache log parser",
   "params": [
       {
           "name": "format",
           "secret": false,
           "dataType": "enum",
           "context": {
               "isParserTypeValue": "true"
           },
           "value": "apache2"
       },
       {
           "name": "expression",
           "secret": false,
           "dataType": "String",
           "context": {
               "isParserAttribute": "true"
           },
           "value": "/^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \\[(?<time>[^\\]]*)\\] \"(?<method>\\S+)(?: +(?<path>(?:[^\\\"]|\\\\.)*?)(?: +\\S*)?)?\" (?<code>[^ ]*) (?<size>[^ ]*)(?: \"(?<referer>(?:[^\\\"]|\\.)*)\" \"(?<agent>(?:[^\\\"]|\\\\.)*)\\\")?$/"
        },
        {
            "name": "time_format",
            "secret": false,
            "dataType": "String",
            "context": {
                "isParserAttribute": "true"
            },
            "value": "%d/%b/%Y:%H:%M:%S %z"
        }
    ],
    "integration_template_id": "da51ea5a-f396-40c7-afc4-206b833746eb",
    "collection_type": "FILE",
    "rule_type": "PARSER"
}


Response codes

Code

Description

200

Parsing rule is created successfully. Returns the rule ID in the payload.

400

Error for invalid data. Check if all input values are valid. 

401

Authorization failure. Verify JWT.

403

Permission denied. Verify the roles assigned to you.

415

Incorrect request format. Ensure that the request format is JSON.

500

Unexpected condition encountered. Contact BMC Support.

Back to top

PUT/rules/{id}
Update a parsing rule by ID
Request URL
/logs-service/api/v1.0/collection/rules/{id}
Example request URL
https://HostA.bmc.com/logs-service/api/v1.0/collection/rules/a00a0a00-a000-00a0-a000-0a000aa0a0a0
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>


Parameter details



Example request body

{
   "id": "dfecb074-c691-40f9-bb21-c125d8a74b9d",
   "name": "Apache",
   "description": "Apache log parser edit",
   "tenant_id": "111111100",
   "rule_type": "PARSER",
   "params": [
       {
           "name": "format",
           "secret": false,
           "dataType": "enum",
           "context": {
               "isParserTypeValue": "true"
           },
           "value": "apache2"
       },
       {
           "name": "expression",
           "secret": false,
           "dataType": "String",
           "context": {
               "isParserAttribute": "true"
           },
           "value": "/^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \\[(?<time>[^\\]]*)\\] \"(?<method>\\S+)(?: +(?<path>(?:[^\\\"]|\\\\.)*?)(?: +\\S*)?)?\" (?<code>[^ ]*) (?<size>[^ ]*)(?: \"(?<referer>(?:[^\\\"]|\\.)*)\" \"(?<agent>(?:[^\\\"]|\\\\.)*)\\\")?$/"
        },
        {
            "name": "time_format",
            "secret": false,
            "dataType": "String",
            "context": {
                "isParserAttribute": "true"
            },
            "value": "%d/%b/%Y:%H:%M:%S %z"
        }
    ],
    "integration_template_id": "da51ea5a-f396-40c7-afc4-206b833746eb",
    "collection_type": "FILE",
    "updated_at": 1673250116669,
    "policy_count": 0
}

Response codes

Code

Description

200

Parsing rule is updated successfully.

400

Error for invalid data. Check if all input values are valid. 

401

Authorization failure. Verify JWT.

403

Permission denied. Verify the roles assigned to you.

404

The parsing rule ID is not found.

415

Incorrect request format. Ensure that the request format is JSON and parsing rule ID is correct.

500

Unexpected condition encountered. Contact BMC Support.

Back to top

GET/rules/{id}
Get a parsing rule by ID
Request URL
/logs-service/api/v1.0/collection/rules/{ID}
Example request URL
https://HostA.bmc.com/logs-service/api/v1.0/collection/rules/a00a0a00-a000-00a0-a000-0a000aa0a0a0/upload
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>


Parameter details



Response codes

Code

Description

200

Parsing rule is returned successfully.

400

Error for invalid data. Check if all input values are valid. 

401

Authorization failure. Verify JWT.

403

Permission denied. Verify the roles assigned to you.

404

The parsing rule ID is not found.

500

Unexpected condition encountered. Contact BMC Support.

Back to top

POST/rules/search
Search parsing rules
Request URL
/logs-service/api/v1.0/collection/rules/search
Example request URL
https://HostA.bmc.com/logs-service/api/v1.0/collection/rules/search
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>


Example request body

{
"page_index": 1,
"page_size": 2000, "search_string": "rule_type = 'PARSER'",
"sort_criteria": "name ASC"
}


Response codes

Code

Description

200

Rule is found. Returns details of the parsing rule in the payload.

400

Error for invalid data. Check if all input values are valid. 

401

Authorization failure. Verify JWT.

403

Permission denied. Verify the roles assigned to you.

500

Unexpected condition encountered. Contact BMC Support.

Back to top

DELETE/rules
Delete parsing rules
Request URL
/logs-service/api/v1.0/collection/rules
Example request URL
https://HostA.bmc.com/logs-service/api/v1.0/collection/rules
Request Header
Content-Type: application/json
Authorization: Bearer <JWT_token>

For instructions on obtaining the JWT token, see Access and authentication for the REST API..

Example request body

{
 "id": [
   "a00a0a00-a000-00a0-a000-0a000aa0a0a0"
  ]
}

Response codes

Code

Description

200

Parsing rule is deleted successfully.

400

Error for invalid data. Check if all input values are valid. 

401

Authorization failure. Verify JWT.

403

Permission denied. Verify the roles assigned to you.

404

Parsing rules is not found.

500

Unexpected condition encountered. Contact BMC Support.

Back to top

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*