JSON Parameters for Hosted Sources

This topic describes JSON Source parameters for hosted Collectors.

Source types for hosted Collectors

Each Source can have its own unique fields in addition to the generic fields listed in Use JSON to Configure Sources. The sourceType field determines the type of Source (and the associated parameters). The next table lists the valid field types. The sections that follow list the unique parameters for each and associated JSON examples.

Hosted log Sources

| Field Type | Type Value |
| --- | --- |
| HTTP Source | HTTP |
| Cloud Syslog Source | Cloudsyslog |
| Amazon S3 Source | Polling |
| AWS Elastic Load Balancing Source | Polling |
| AWS CloudFront Source | Polling |
| AWS CloudTrail Source | Polling |
| AWS S3 Audit Source | Polling |

Hosted Metrics Sources

| Field Type | Type Value |
| --- | --- |
| AWS CloudWatch Source | Polling |

Log Source parameters for hosted Collectors

 

HTTP Source

In addition to the common parameters, the following parameters are for HTTP Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | HTTP | not modifiable |
| messagePerRequest | Boolean | Yes | | When set to true, only a single message will be sent for each HTTP request. To disable this feature, set to false. | modifiable |

HTTP Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType":"HTTP",
      "name":"Example1",
      "messagePerRequest": true
   }
}

Cloud Syslog Source

In addition to the common parameters, the following parameters are for Cloud Syslog Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Cloudsyslog | not modifiable |

Cloud Syslog Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType":"Cloudsyslog",
      "name":"Example1"
   }
}

Amazon S3 Source

In addition to the common parameters, the following parameters are for Amazon S3 Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsS3Bucket | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for S3 bucket items is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials. | modifiable |

Amazon S3 Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsS3Bucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsS3Bucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

AWS Elastic Load Balancing Source

In addition to the common parameters, the following parameters are for AWS Elastic Load Balancing Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsElbBucket | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for S3 bucket items is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials. | modifiable |

AWS Elastic Load Balancing Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsElbBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsElbBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

AWS CloudFront Source

In addition to the common parameters, the following parameters are for AWS CloudFront Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsCloudFrontBucket | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for S3 bucket items is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials. | modifiable |

AWS CloudFront Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsCloudFrontBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsCloudFrontBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

AWS CloudTrail Source

In addition to the common parameters, the following parameters are for AWS CloudTrail Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsCloudTrailBucket | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for S3 bucket items is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials. | modifiable |

AWS CloudTrail Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsCloudTrailBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsCloudTrailBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

Amazon S3 Audit Source

In addition to the common parameters, the following parameters are for Amazon S3 Audit Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsS3AuditBucket | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for S3 bucket items is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials. | modifiable |

AWS S3 Audit Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsS3AuditBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsS3AuditBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

Metrics Source parameters for hosted Collectors

AWS CloudWatch Source

In addition to the common parameters, the following parameters are for AWS CloudWatch Source.

| Parameter | Type | Required? | Default | Description | Access |
| --- | --- | --- | --- | --- | --- |
| sourceType | String | Yes | | Polling | not modifiable |
| contentType | String | No | | AwsCloudWatch | not modifiable |
| scanInterval | Long | Yes | 300000 | Time interval of S3 bucket scans for new data, in milliseconds. Minimum value: 1000 | modifiable |
| paused | Boolean | Yes | false | When set to true, the scanner for metrics is paused. To disable, set to false. | modifiable |
| thirdPartyRef | Nested JSON | Yes | | Includes all required information for third-party integration, including the relevant Amazon regions, namespaces, and access credentials. | modifiable |

AWS CloudWatch Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsCloudWatch",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsCloudWatch",
               "path": {
                  "type": "CloudWatchPath",
                  "limitToRegions": ["region-1", "region-2"],
                  "limitToNamespaces": ["AWS/ELB", "AWS/Route53", "AWS/OpsWork"]
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}
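
A pre-deployment check for the Polling Source definitions above, as an added example that is not Sumo Logic's own code: it enforces the constraints from the parameter tables and masks `awsKey` so a definition can be logged or attached to a review without exposing the credential. The names `validate_polling_source`, `redact` and `SAMPLE` are hypothetical, and the rule that `serviceType` must equal `contentType` is an assumption drawn from the examples on this page.

```python
import copy
import json

# contentType values from the parameter tables on this page
CONTENT_TYPES = {"AwsS3Bucket", "AwsElbBucket", "AwsCloudFrontBucket",
                 "AwsCloudTrailBucket", "AwsS3AuditBucket", "AwsCloudWatch"}
MIN_SCAN_INTERVAL_MS = 1000  # "Minimum value: 1000"

def validate_polling_source(doc):
    """Return a list of problems found in a Polling Source definition."""
    src = doc.get("source", {})
    if src.get("sourceType") != "Polling":
        return ["sourceType must be 'Polling'"]
    problems = []
    ctype = src.get("contentType")
    if ctype not in CONTENT_TYPES:
        problems.append(f"unknown contentType {ctype!r}")
    interval = src.get("scanInterval")
    if type(interval) is not int or interval < MIN_SCAN_INTERVAL_MS:
        problems.append("scanInterval must be an integer >= 1000 ms")
    if type(src.get("paused")) is not bool:
        problems.append("paused must be true or false")
    resources = src.get("thirdPartyRef", {}).get("resources", [])
    if not resources:
        problems.append("thirdPartyRef.resources is required")
    for i, res in enumerate(resources):
        # Assumption taken from the page's examples: serviceType mirrors contentType.
        if res.get("serviceType") != ctype:
            problems.append(f"resources[{i}].serviceType differs from contentType")
        auth = res.get("authentication", {})
        if not (auth.get("awsId") and auth.get("awsKey")):
            problems.append(f"resources[{i}].authentication needs awsId and awsKey")
    return problems

def redact(doc):
    """Return a deep copy with every awsKey masked, safe to log or attach to a review."""
    out = copy.deepcopy(doc)
    for res in out.get("source", {}).get("thirdPartyRef", {}).get("resources", []):
        if "awsKey" in res.get("authentication", {}):
            res["authentication"]["awsKey"] = "*******"
    return out

# Constructed sample: interval below the minimum and a mismatched serviceType.
SAMPLE = json.loads("""{"api.version": "v1", "source": {"sourceType": "Polling",
  "name": "Example1", "contentType": "AwsCloudTrailBucket", "scanInterval": 500,
  "paused": false, "thirdPartyRef": {"resources": [{"serviceType": "AwsS3Bucket",
  "path": {"type": "S3BucketPathExpression", "bucketName": "Bucket1", "pathExpression": "*"},
  "authentication": {"type": "S3BucketAuthentication",
  "awsId": "AKIAIOSFODNN7EXAMPLE", "awsKey": "constructed-secret"}}]}}}""")
```

Calling `validate_polling_source(SAMPLE)` reports the two constructed faults, and `redact(SAMPLE)` leaves the original object untouched.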