HTTP Source
In addition to the common parameters, the following parameters are for an HTTP Source.
| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| fields | JSON Object | No | | Enable Extended HTTP Metadata Collection by adding _convertHeadersToFields=true. | modifiable |
| sourceType | String | Yes | | HTTP | not modifiable |
| messagePerRequest | Boolean | Yes | | When set to true, only a single message will be sent for each HTTP request. To disable this feature, set to false. You need to specify the common parameter multilineProcessingEnabled as false when setting messagePerRequest to true. | modifiable |
| url | String | No | URL assigned by Sumo for Source | The Source's unique HTTP endpoint web address. | not modifiable |
HTTP Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "HTTP",
    "name": "Example1",
    "fields": {
      "_convertHeadersToFields": "true"
    },
    "messagePerRequest": true,
    "multilineProcessingEnabled": false
  }
}
Cloud Syslog Source
In addition to the common parameters, the following parameters are for a Cloud Syslog Source.
| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Cloudsyslog | not modifiable |
Cloud Syslog Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Cloudsyslog",
    "name": "Example1"
  }
}
AWS Log Sources
In addition to the common parameters, the following parameters are for all AWS log Sources.
| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | Define based on the AWS Source you are creating. S3: AwsS3Bucket; S3 Audit: AwsS3AuditBucket; CloudFront: AwsCloudFrontBucket; CloudTrail: AwsCloudTrailBucket; ELB: AwsElbBucket; Metadata: AwsMetadata | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000. For automatic assignment, set to -1. | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for S3 bucket items is paused. To disable, set to false. | modifiable |
| url | String | No | URL assigned by Sumo for Source | Used to set up Event Based Notifications with AWS. This value is created and assigned by Sumo when the Source is created. | not modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials. Authentication examples follow the table. | modifiable |
| snsTopicOrSubscriptionArn (this parameter goes in the thirdPartyRef nested JSON) | String | No | | SNS topic/subscription ARN. If SNS has been successfully configured and has received a subscription confirmation request, isSuccess will be true. The nested structure is shown after the table. | not modifiable |
| bucketName (this parameter goes in the thirdPartyRef nested JSON) | String | Yes | | Name of your AWS S3 bucket. | modifiable |
| pathExpression (this parameter goes in the thirdPartyRef nested JSON) | String | Yes | | Wildcard pattern that matches the S3 objects you'd like to collect. | modifiable |

IAM User authentication example:
"authentication": {
  "type": "S3BucketAuthentication",
  "awsId": "AKIAIOSFODNN7EXAMPLE",
  "awsKey": "*******"
}

IAM Role authentication example:
"authentication": {
  "type": "AWSRoleBasedAuthentication",
  "roleARN": "arn:aws:iam::123456789012:role/myrole"
}

snsTopicOrSubscriptionArn within the thirdPartyRef nested JSON:
"thirdPartyRef": {
  "resources": [{
    "serviceType": "#",
    "path": {
      "type": "#",
      "bucketName": "#",
      "pathExpression": "*",
      "snsTopicOrSubscriptionArn": {
        "isSuccess": true,
        "arn": "arn:aws:sns:#:#:SumoSNSTopic-#:#"
      }
    },
    "authentication": {...}
  }]
}
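The constraints stated in the HTTP Source and AWS Log Sources tables can be checked before a Source definition is submitted. The following is an added example, not Sumo Logic code: `lint_source` and its finding names are hypothetical, the sample definitions are constructed, and the serviceType/contentType match is an assumption drawn from the page's examples rather than a documented rule.

```python
import json

# contentType values listed in the AWS Log Sources table.
AWS_CONTENT_TYPES = {
    "AwsS3Bucket", "AwsS3AuditBucket", "AwsCloudFrontBucket",
    "AwsCloudTrailBucket", "AwsElbBucket", "AwsMetadata",
}

def lint_source(text):
    """Return findings for one HTTP or AWS log Source definition (JSON text)."""
    src = json.loads(text).get("source", {})
    findings = []
    if src.get("sourceType") == "HTTP":
        # Table rule: messagePerRequest=true needs multilineProcessingEnabled=false.
        if (src.get("messagePerRequest") is True
                and src.get("multilineProcessingEnabled") is not False):
            findings.append("multiline-must-be-false")
        return findings
    if src.get("sourceType") != "Polling":
        return findings
    ctype = src.get("contentType")  # optional per the table
    if ctype is not None and ctype not in AWS_CONTENT_TYPES:
        findings.append("unknown-contentType")
    interval = src.get("scanInterval")
    # Table rule: minimum 1000 ms, or -1 for automatic assignment.
    if type(interval) is not int or (interval != -1 and interval < 1000):
        findings.append("bad-scanInterval")
    for res in src.get("thirdPartyRef", {}).get("resources", []):
        # Assumption: every example on the page pairs equal values here.
        if ctype and res.get("serviceType") != ctype:
            findings.append("serviceType-mismatch")
        path = res.get("path", {})
        if path.get("type") == "S3BucketPathExpression":
            for key in ("bucketName", "pathExpression"):
                if not path.get(key):
                    findings.append("missing-" + key)
        # Review item: IAM user auth stores a long-lived secret in awsKey.
        if res.get("authentication", {}).get("type") == "S3BucketAuthentication":
            findings.append("static-iam-user-key")
    return findings

# Constructed samples, modelled on the page's examples.
HTTP_BAD = '{"source": {"sourceType": "HTTP", "name": "Example1", "messagePerRequest": true}}'
S3_BAD = """{"source": {"sourceType": "Polling", "contentType": "AwsS3Bucket",
  "scanInterval": 500, "paused": false, "thirdPartyRef": {"resources": [{
    "serviceType": "AwsElbBucket",
    "path": {"type": "S3BucketPathExpression", "bucketName": "", "pathExpression": "*"},
    "authentication": {"type": "S3BucketAuthentication",
                       "awsId": "AKIAIOSFODNN7EXAMPLE", "awsKey": "*******"}}]}}}"""
```

The `static-iam-user-key` finding is a prompt to review whether role-based authentication can be used instead, since it avoids storing an access key in the Source definition.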
Amazon S3 Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an Amazon S3 Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "Example1",
    "contentType": "AwsS3Bucket",
    "thirdPartyRef": {
      "resources": [
        {
          "serviceType": "AwsS3Bucket",
          "path": {
            "type": "S3BucketPathExpression",
            "bucketName": "Bucket1",
            "pathExpression": "*"
          },
          "authentication": {
            "type": "AWSRoleBasedAuthentication",
            "roleARN": "arn:aws:iam::123456789012:role/myrole"
          }
        }
      ]
    },
    "scanInterval": 300000,
    "paused": false
  }
}
AWS Elastic Load Balancing Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS Elastic Load Balancing Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "Example1",
    "contentType": "AwsElbBucket",
    "thirdPartyRef": {
      "resources": [{
        "serviceType": "AwsElbBucket",
        "path": {
          "type": "S3BucketPathExpression",
          "bucketName": "Bucket1",
          "pathExpression": "*"
        },
        "authentication": {
          "type": "AWSRoleBasedAuthentication",
          "roleARN": "arn:aws:iam::123456789012:role/myrole"
        }
      }]
    },
    "scanInterval": 300000,
    "paused": false
  }
}
AWS CloudFront Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS CloudFront Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "Example1",
    "contentType": "AwsCloudFrontBucket",
    "thirdPartyRef": {
      "resources": [{
        "serviceType": "AwsCloudFrontBucket",
        "path": {
          "type": "S3BucketPathExpression",
          "bucketName": "Bucket1",
          "pathExpression": "*"
        },
        "authentication": {
          "type": "AWSRoleBasedAuthentication",
          "roleARN": "arn:aws:iam::123456789012:role/myrole"
        }
      }]
    },
    "scanInterval": 300000,
    "paused": false
  }
}
AWS CloudTrail Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS CloudTrail Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "Example1",
    "contentType": "AwsCloudTrailBucket",
    "thirdPartyRef": {
      "resources": [{
        "serviceType": "AwsCloudTrailBucket",
        "path": {
          "type": "S3BucketPathExpression",
          "bucketName": "Bucket1",
          "pathExpression": "*"
        },
        "authentication": {
          "type": "AWSRoleBasedAuthentication",
          "roleARN": "arn:aws:iam::123456789012:role/myrole"
        }
      }]
    },
    "scanInterval": 300000,
    "paused": false
  }
}
Amazon S3 Audit Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS S3 Audit Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "Example1",
    "contentType": "AwsS3AuditBucket",
    "thirdPartyRef": {
      "resources": [{
        "serviceType": "AwsS3AuditBucket",
        "path": {
          "type": "S3BucketPathExpression",
          "bucketName": "Bucket1",
          "pathExpression": "*"
        },
        "authentication": {
          "type": "AWSRoleBasedAuthentication",
          "roleARN": "arn:aws:iam::123456789012:role/myrole"
        }
      }]
    },
    "scanInterval": 300000,
    "paused": false
  }
}
AWS Metadata (Tag) Source
The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS Metadata Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "exampleName",
    "description": "Poll metadata for data",
    "automaticDateParsing": false,
    "multilineProcessingEnabled": false,
    "useAutolineMatching": false,
    "contentType": "AwsMetadata",
    "forceTimeZone": false,
    "filters": [],
    "cutoffTimestamp": 0,
    "encoding": "UTF-8",
    "fields": {},
    "thirdPartyRef": {
      "resources": [{
        "serviceType": "AwsMetadata",
        "path": {
          "type": "AwsMetadataPath",
          "limitToRegions": ["ap-southeast-2", "us-east-1", "us-west-2"],
          "limitToNamespaces": ["AWS/EC2"],
          "tagFilters": ["tag1", "tag2", "tag3", "tag4", "name"]
        },
        "authentication": {
          "type": "AWSRoleBasedAuthentication",
          "roleARN": "arn:aws:iam::123456789012:role/myrole"
        }
      }]
    },
    "scanInterval": 60000,
    "paused": false
  }
}
Metrics Source parameters for Hosted Collectors
AWS CloudWatch Source
The following parameters are for an AWS CloudWatch Source.
| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| name | String | Yes | | Type a desired name of the Source. The name must be unique per Collector. This value is assigned to the metadata field _source. | modifiable |
| description | String | No | null | Type a description of the Source. | modifiable |
| category | String | No | null | Type a category of the source. This value is assigned to the metadata field _sourceCategory. See best practices for details. | modifiable |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsCloudWatch | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for metrics is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the relevant Amazon regions, namespaces, and access credentials. | modifiable |
AWS CloudWatch Source JSON example:
{
  "api.version": "v1",
  "source": {
    "sourceType": "Polling",
    "name": "Example1",
    "contentType": "AwsCloudWatch",
    "thirdPartyRef": {
      "resources": [
        {
          "serviceType": "AwsCloudWatch",
          "path": {
            "type": "CloudWatchPath",
            "limitToRegions": ["region-1", "region-2"],
            "limitToNamespaces": ["AWS/ELB", "AWS/Route53", "AWS/OpsWork"]
          },
          "authentication": {
            "type": "S3BucketAuthentication",
            "awsId": "AKIAIOSFODNN7EXAMPLE",
            "awsKey": "*******"
          }
        }
      ]
    },
    "scanInterval": 300000,
    "paused": false
  }
}