Skip to main content
Sumo Logic

JSON Parameters for Hosted Sources

This topic describes JSON Source parameters for Hosted Collectors. See the following topics for additional information:

Source types for Hosted Collectors

Each Source can have its own unique fields in addition to the generic fields listed in Use JSON to Configure Sources. The sourceType field determines the type of Source (and the associated parameters). The next table lists the valid field types. The sections that follow list the unique parameters for each and associated JSON examples.

Hosted log Sources

Field Type Type Value
HTTP Source HTTP
Cloud Syslog Source Cloudsyslog
Amazon S3 Source Polling
AWS Elastic Load Balancing Source Polling
AWS CloudFront Source Polling
AWS CloudTrail Source Polling
AWS S3 Audit Source Polling

Hosted Metrics Sources

Field Type Type Value
AWS CloudWatch Source Polling

Log Source parameters for Hosted Collectors

 

HTTP Source

In addition to the common parameters, the following parameters are for HTTP Source.

Parameter Type Required? Default Description Access
sourceType String Yes   HTTP not modifiable
messagePerRequest Boolean Yes   When set to true, only a single message will be sent for each HTTP request. To disable this feature, set to false

You need to specify the common parameter multilineProcessingEnabled as false when setting messagePerRequest to true.
modifiable

HTTP Source JSON example: 

{
    "api.version": "v1",
    "source": {
        "sourceType": "HTTP",
        "name": "Example1",
        "messagePerRequest": true,
        "multilineProcessingEnabled": false
    }
}

Cloud Syslog Source

In addition to the common parameters, the following parameters are for Cloud Syslog Source.

Parameter Type Required? Default Description Access
sourceType String Yes   Cloudsyslog not modifiable

Cloud Syslog Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType":"Cloudsyslog",
      "name":"Example1"
   }
}

AWS Log Sources

In addition to the common parameters, the following parameters are for all AWS log Sources.

Parameter Type Required? Default Description Access
sourceType String Yes   Polling not modifiable
contentType String No   Define based on the AWS Source you are creating.

S3:                              AwsS3Bucket
ELB:                           AwsElbBucket
CloudFront:          AwsCloudFrontBucket
CloudTrail:             AwsCloudTrailBucket
S3 Audit:                 AwsS3AuditBucket
not modifiable
scanInterval Long Yes  300000 Time interval of S3 bucket scans for new data, in milliseconds.

Minimum value:  1000
modifiable
paused Boolean Yes false When set to true, the scanner for S3 bucket items is paused. To disable, set to false. modifiable
thirdPartyRef Nested JSON Yes   Includes all required information for third-party integration, including the S3 bucket name, path expression for the S3 objects, and access credentials.

IAM User authentication example:

"authentication": {
  "type": "S3BucketAuthentication",
  "awsId": "AKIAIOSFODNN7EXAMPLE",
  "awsKey": "*******"
}


IAM Role authentication example:

"authentication": {
  "type": "AWSRoleBasedAuthentication",
  "roleARN": "arn:aws:iam::123456789012:role/myrole"
}
modifiable

Amazon S3 Source

The parameters for this Source can be referenced in the AWS Log Sources section. This is an Amazon S3 Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsS3Bucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsS3Bucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

AWS Elastic Load Balancing Source

The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS Elastic Load Balancing Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsElbBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsElbBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

AWS CloudFront Source

The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS CloudFront Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsCloudFrontBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsCloudFrontBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

AWS CloudTrail Source

The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS CloudTrail Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsCloudTrailBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsCloudTrailBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

Amazon S3 Audit Source

The parameters for this Source can be referenced in the AWS Log Sources section. This is an AWS S3 Audit Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsS3AuditBucket",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsS3AuditBucket",
               "path": {
                  "type": "S3BucketPathExpression",
                  "bucketName": "Bucket1",
                  "pathExpression": "*"
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }    
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}

Metrics Source parameters for Hosted Collectors

AWS CloudWatch Source

In addition to the common parameters, the following parameters are for AWS CloudWatch Source.

Parameter Type Required? Default Description Access
sourceType String Yes   Polling not modifiable
contentType String No   AwsCloudWatch not modifiable
scanInterval Long Yes  300000 Time interval of S3 bucket scans for new data, in milliseconds.

Minimum value:  1000
modifiable
paused Boolean Yes false When set to true, the scanner for metrics is paused. To disable, set to false. modifiable
thirdPartyRef Nested JSON Yes   Includes all required information for third-party integration, including the relevant Amazon regions, namespaces, and access credentials. modifiable

AWS CloudWatch Source JSON example: 

{
   "api.version":"v1",
   "source":{
      "sourceType": "Polling",
      "name": "Example1",
      "contentType": "AwsCloudWatch",
      "thirdPartyRef":{
         "resources":[
            {
               "serviceType": "AwsCloudWatch",
               "path": {
                  "type": "CloudWatchPath",
                  "limitToRegions": ["region-1", "region-2"],
                  "limitToNamespaces": ["AWS/ELB", "AWS/Route53", "AWS/OpsWork"]
               },
               "authentication": {
                  "type": "S3BucketAuthentication",
                  "awsId": "AKIAIOSFODNN7EXAMPLE",
                  "awsKey": "*******"
               }
            }
         ]
      },
      "scanInterval": 300000,
      "paused": false
   }
}