HTTP Source
In addition to the common parameters, the following parameters are for HTTP Source.
| Parameter |
Type |
Required? |
Default |
Description |
Access |
| sourceType |
String |
Yes |
|
HTTP |
not modifiable |
| messagePerRequest |
Boolean |
Yes |
|
When set to true, only a single message will be sent for each HTTP request. To disable this feature, set to false.
You need to specify the common parameter multilineProcessingEnabled as false when setting messagePerRequest to true. |
modifiable |
| url |
String |
No |
URL assigned by Sumo for Source |
The Source's unique http endpoint web address. |
not modifiable |
HTTP Source JSON example:
{
"api.version": "v1",
"source": {
"sourceType": "HTTP",
"name": "Example1",
"messagePerRequest": true,
"multilineProcessingEnabled": false
}
}
Cloud Syslog Source
In addition to the common parameters, the following parameters are for Cloud Syslog Source.
| Parameter |
Type |
Required? |
Default |
Description |
Access |
| sourceType |
String |
Yes |
|
Cloudsyslog |
not modifiable |
Cloud Syslog Source JSON example:
{
"api.version":"v1",
"source":{
"sourceType":"Cloudsyslog",
"name":"Example1"
}
}
AWS Log Sources
In addition to the common parameters, the following parameters are for all AWS log Sources.
| Parameter |
Type |
Required? |
Default |
Description |
Access |
| sourceType |
String |
Yes |
|
Polling |
not modifiable |
| contentType |
String |
No |
|
Define based on the AWS Source you are creating.
S3: AwsS3Bucket
ELB: AwsElbBucket
CloudFront: AwsCloudFrontBucket
CloudTrail: AwsCloudTrailBucket
S3 Audit: AwsS3AuditBucket |
not modifiable |
| scanInterval |
Long |
Yes |
300000 |
Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000
For Automatic assign to: -1 |
modifiable |
| paused |
Boolean |
Yes |
false |
When set to true, the scanner for S3 bucket items is paused. To disable, set to false. |
modifiable |
| url |
String |
No |
URL assigned by Sumo for Source |
Used to set up Event Based Notifications with AWS. This value is created and assigned by Sumo when the Source is created. |
not modifiable |
| thirdPartyRef |
Nested JSON |
Yes |
|
Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials.
IAM User authentication example:
"authentication": {
"type": "S3BucketAuthentication",
"awsId": "AKIAIOSFODNN7EXAMPLE",
"awsKey": "*******"
}
IAM Role authentication example:
"authentication": {
"type": "AWSRoleBasedAuthentication",
"roleARN": "arn:aws:iam::123456789012:role/myrole"
} |
modifiable |
snsTopicOrSubscriptionArn
This parameter goes in the thirdPartyRef nested JSON. |
String |
No |
|
SNS topic/subscription ARN. If SNS has been successfully configured and has received a subscription confirmation request isSuccess will be true.
"thirdPartyRef": {
"resources": [{
"serviceType": "#",
"path": {
"type": "#",
"bucketName": "#",
"pathExpression": "*",
"snsTopicOrSubscriptionArn": {
"isSuccess": true,
"arn": "arn:aws:sns:#:#:SumoSNSTopic-#:#"
}
},
"authentication": {...
}
}]
} |
not modifiable |
bucketName
This parameter goes in the thirdPartyRef nested JSON. |
String |
Yes |
|
Name of your AWS S3 bucket. |
Modifiable |
pathExpression
This parameter goes in the thirdPartyRef nested JSON. |
String |
Yes |
|
Wildcard pattern that matches the S3 objects you'd like to collect. |
Modifiable |
Amazon S3 Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an Amazon S3 Source JSON example:
{
"api.version":"v1",
"source":{
"sourceType": "Polling",
"name": "Example1",
"contentType": "AwsS3Bucket",
"thirdPartyRef":{
"resources":[
{
"serviceType": "AwsS3Bucket",
"path": {
"type": "S3BucketPathExpression",
"bucketName": "Bucket1",
"pathExpression": "*"
},
"authentication": {
"type": "AWSRoleBasedAuthentication",
"roleARN": "arn:aws:iam::123456789012:role/myrole"
}
}
]
},
"scanInterval": 300000,
"paused": false
}
}
AWS Elastic Load Balancing Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS Elastic Load Balancing Source JSON example:
{
"api.version": "v1",
"source": {
"sourceType": "Polling",
"name": "Example1",
"contentType": "AwsElbBucket",
"thirdPartyRef": {
"resources": [{
"serviceType": "AwsElbBucket",
"path": {
"type": "S3BucketPathExpression",
"bucketName": "Bucket1",
"pathExpression": "*"
},
"authentication": {
"type": "AWSRoleBasedAuthentication",
"roleARN": "arn:aws:iam::123456789012:role/myrole"
}
}]
},
"scanInterval": 300000,
"paused": false
}
}
AWS CloudFront Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS CloudFront Source JSON example:
{
"api.version": "v1",
"source": {
"sourceType": "Polling",
"name": "Example1",
"contentType": "AwsCloudFrontBucket",
"thirdPartyRef": {
"resources": [{
"serviceType": "AwsCloudFrontBucket",
"path": {
"type": "S3BucketPathExpression",
"bucketName": "Bucket1",
"pathExpression": "*"
},
"authentication": {
"type": "AWSRoleBasedAuthentication",
"roleARN": "arn:aws:iam::123456789012:role/myrole"
}
}]
},
"scanInterval": 300000,
"paused": false
}
}
AWS CloudTrail Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS CloudTrail Source JSON example:
{
"api.version": "v1",
"source": {
"sourceType": "Polling",
"name": "Example1",
"contentType": "AwsCloudTrailBucket",
"thirdPartyRef": {
"resources": [{
"serviceType": "AwsCloudTrailBucket",
"path": {
"type": "S3BucketPathExpression",
"bucketName": "Bucket1",
"pathExpression": "*"
},
"authentication": {
"type": "AWSRoleBasedAuthentication",
"roleARN": "arn:aws:iam::123456789012:role/myrole"
}
}]
},
"scanInterval": 300000,
"paused": false
}
}
Amazon S3 Audit Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS S3 Audit Source JSON example:
{
"api.version": "v1",
"source": {
"sourceType": "Polling",
"name": "Example1",
"contentType": "AwsS3AuditBucket",
"thirdPartyRef": {
"resources": [{
"serviceType": "AwsS3AuditBucket",
"path": {
"type": "S3BucketPathExpression",
"bucketName": "Bucket1",
"pathExpression": "*"
},
"authentication": {
"type": "AWSRoleBasedAuthentication",
"roleARN": "arn:aws:iam::123456789012:role/myrole"
}
}]
},
"scanInterval": 300000,
"paused": false
}
}
Metrics Source parameters for Hosted Collectors
AWS CloudWatch Source
In addition to the common parameters, the following parameters are for AWS CloudWatch Source.
| Parameter |
Type |
Required? |
Default |
Description |
Access |
| sourceType |
String |
Yes |
|
Polling |
not modifiable |
| contentType |
String |
No |
|
AwsCloudWatch |
not modifiable |
| scanInterval |
Long |
Yes |
300000 |
Time interval of S3 bucket scans for new data, in milliseconds.
Minimum value: 1000 |
modifiable |
| paused |
Boolean |
Yes |
false |
When set to true, the scanner for metrics is paused. To disable, set to false. |
modifiable |
| thirdPartyRef |
Nested JSON |
Yes |
|
Includes all required information for third-party integration, including the relevant Amazon regions, namespaces, and access credentials. |
modifiable |
AWS CloudWatch Source JSON example:
{
"api.version":"v1",
"source":{
"sourceType": "Polling",
"name": "Example1",
"contentType": "AwsCloudWatch",
"thirdPartyRef":{
"resources":[
{
"serviceType": "AwsCloudWatch",
"path": {
"type": "CloudWatchPath",
"limitToRegions": ["region-1", "region-2"],
"limitToNamespaces": ["AWS/ELB", "AWS/Route53", "AWS/OpsWork"]
},
"authentication": {
"type": "S3BucketAuthentication",
"awsId": "AKIAIOSFODNN7EXAMPLE",
"awsKey": "*******"
}
}
]
},
"scanInterval": 300000,
"paused": false
}
}
