Log type APIs

The log type APIs allow you to create a custom log type, search custom log types, update custom log types, and delete custom log types.

Create log type

Creating a new custom log type involves entering a name and a description and specifying the source as Custom.

Example request

  POST /_plugins/_security_analytics/logtype
  {
    "description": "custom-log-type-desc",
    "name": "custom-log-type4",
    "source": "Custom"
  }

Example response

  {
    "_id": "m98uk4kBlb9cbROIpEj2",
    "_version": 1,
    "logType": {
      "name": "custom-log-type4",
      "description": "custom-log-type-desc",
      "source": "Custom",
      "tags": {
        "correlation_id": 27
      }
    }
  }

Search custom log types

This API allows you to search log types in the system.

Example request

  POST /_plugins/_security_analytics/logtype/_search
  {
    "query": {
      "match_all": {}
    }
  }

Example response

  {
    "took": 3,
    "timed_out": false,
    "_shards": {
      "total": 1,
      "successful": 1,
      "skipped": 0,
      "failed": 0
    },
    "hits": {
      "total": {
        "value": 26,
        "relation": "eq"
      },
      "max_score": 2.0,
      "hits": [
        {
          "_index": ".opensearch-sap-log-types-config",
          "_id": "s3",
          "_score": 2.0,
          "_source": {
            "name": "s3",
            "description": "Windows logs",
            "source": "Sigma",
            "tags": {
              "correlation_id": 21
            }
          }
        },
        {
          "_index": ".opensearch-sap-log-types-config",
          "_id": "others_compliance",
          "_score": 2.0,
          "_source": {
            "name": "others_compliance",
            "description": "Compliance logs",
            "source": "Sigma",
            "tags": {
              "correlation_id": 4
            }
          }
        },
        {
          "_index": ".opensearch-sap-log-types-config",
          "_id": "github",
          "_score": 2.0,
          "_source": {
            "name": "github",
            "description": "Sys logs",
            "source": "Sigma",
            "tags": {
              "correlation_id": 16
            }
          }
        },
        {
          "_index": ".opensearch-sap-log-types-config",
          "_id": "others_application",
          "_score": 2.0,
          "_source": {
            "name": "others_application",
            "description": "Application logs",
            "source": "Sigma",
            "tags": {
              "correlation_id": 0
            }
          }
        },
        {
          "_index": ".opensearch-sap-log-types-config",
          "_id": "dns",
          "_score": 2.0,
          "_source": {
            "name": "dns",
            "description": "Compliance logs",
            "source": "Sigma",
            "tags": {
              "correlation_id": 15
            }
          }
        },
        {
          "_index": ".opensearch-sap-log-types-config",
          "_id": "m98uk4kBlb9cbROIpEj2",
          "_score": 2.0,
          "_source": {
            "name": "custom-log-type-updated4",
            "description": "custom-log-type-updated-desc",
            "source": "Custom",
            "tags": null
          }
        }
      ]
    }
  }

Update custom log type

This API allows you to update existing custom log types. Use the log type’s ID in the route to specify the log type, as shown in the following example:

  PUT /_plugins/_security_analytics/logtype/<log_type_id>

Example request

  PUT /_plugins/_security_analytics/logtype/m98uk4kBlb9cbROIpEj2
  {
    "name": "custom-log-type4",
    "description": "custom-log-type-updated-desc",
    "source": "Custom"
  }

Example response

  {
    "_id": "m98uk4kBlb9cbROIpEj2",
    "_version": 1,
    "logType": {
      "name": "custom-log-type4",
      "description": "custom-log-type-updated-desc",
      "source": "Custom",
      "tags": {
        "correlation_id": 27
      }
    }
  }

Delete custom log type

This API is used to delete a custom log type. Specify the log type’s ID in the route to run the operation:

  DELETE /_plugins/_security_analytics/logtype/<log_type_id>

Example request

  DELETE /_plugins/_security_analytics/logtype/m98uk4kBlb9cbROIpEj2

Example response

  200 OK
  {
    "_id": "m98uk4kBlb9cbROIpEj2",
    "_version": 1
  }

Only custom log types can be deleted. Trying to delete a standard OpenSearch-defined log type results in an error.
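The following small client exercises the four routes above; it is an added example, not code from the OpenSearch documentation or the Security Analytics plugin. The cluster URL passed to `http_send` and the `sample_send` replay transport (which echoes the sample responses shown on this page) are assumptions, and `delete` enforces the custom-only rule on the client side before the API would reject the call.

```python
import json
from urllib import request, error

BASE = "/_plugins/_security_analytics/logtype"

def http_send(base_url):  # real transport; base_url such as https://host:9200 is an assumption
    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = request.Request(base_url + path, data=data, method=method,
                              headers={"Content-Type": "application/json"})
        try:
            with request.urlopen(req) as resp:
                return resp.status, json.load(resp)
        except error.HTTPError as e:  # hand back the error body instead of raising
            return e.code, json.load(e)
    return send

class LogTypeClient:
    """Wraps the four log type routes; send(method, path, body) -> (status, json_body)."""
    def __init__(self, send):
        self.send = send
    def _call(self, method, path, body=None):
        status, resp = self.send(method, path, body)
        if not 200 <= status < 300:
            raise RuntimeError(f"{method} {path} -> {status}: {resp}")
        return resp
    def create(self, name, description):  # source must be "Custom" for user-defined types
        return self._call("POST", BASE, {"name": name, "description": description,
                                         "source": "Custom"})["_id"]

    def list_types(self):  # _id -> _source for every hit; standard types have source "Sigma"
        resp = self._call("POST", BASE + "/_search", {"query": {"match_all": {}}})
        return {h["_id"]: h["_source"] for h in resp["hits"]["hits"]}

    def update(self, log_type_id, name, description):
        body = {"name": name, "description": description, "source": "Custom"}
        return self._call("PUT", f"{BASE}/{log_type_id}", body)["_version"]

    def delete(self, log_type_id):
        # Only custom log types can be deleted; refuse standard ones before calling the API
        source = self.list_types().get(log_type_id, {}).get("source")
        if source != "Custom":
            raise ValueError(f"{log_type_id} is not a custom log type (source={source})")
        return self._call("DELETE", f"{BASE}/{log_type_id}")["_id"]

def sample_send(method, path, body=None):  # constructed offline transport replaying the page's samples
    if path.endswith("/_search"):
        return 200, {"hits": {"hits": [{"_id": "s3", "_source": {"name": "s3", "source": "Sigma"}},
                     {"_id": "m98uk4kBlb9cbROIpEj2", "_source": {"name": "custom-log-type4", "source": "Custom"}}]}}
    return 200, {"_id": "m98uk4kBlb9cbROIpEj2" if method == "POST" else path.rsplit("/", 1)[-1], "_version": 1}
```

Use `LogTypeClient(http_send("https://host:9200"))` against a real cluster and `LogTypeClient(sample_send)` to try the flow offline.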