Docs
PackagesSumo Logic v0.21.0 published on Thursday, Apr 11, 2024 by Pulumi
sumologic.CseOutlierRule
Explore with Pulumi AI
___
layout: “sumologic” page_title: “SumoLogic: sumologic.CseOutlierRule” description: |- Provides a CSE Outlier Rule
sumologic.CseOutlierRule
Provides a Sumo Logic CSE Outlier Rule.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.CseFirstSeenRule;
import com.pulumi.sumologic.CseFirstSeenRuleArgs;
import com.pulumi.sumologic.inputs.CseFirstSeenRuleEntitySelectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var firstSeenRule = new CseFirstSeenRule("firstSeenRule", CseFirstSeenRuleArgs.builder()
.aggregationFunctions(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.baselineWindowSize("1209600000")
.descriptionExpression("Spike in Login Failures - {{ user_username }}")
.deviationThreshold(3)
.enabled(true)
.entitySelectors(CseFirstSeenRuleEntitySelectorArgs.builder()
.entityType("_username")
.expression("user_username")
.build())
.floorValue(0)
.groupByFields("user_username")
.isPrototype(false)
.matchExpression("objectType=\"Authentication\" AND success=false")
.nameExpression("Spike in Login Failures - {{ user_username }}")
.retentionWindowSize("7776000000")
.severity(1)
.summaryExpression("Spike in Login Failures - {{ user_username }}")
.suppressionWindowSize(90000000)
.windowSize("T24H")
.build());
}
}
resources:
firstSeenRule:
type: sumologic:CseFirstSeenRule
properties:
aggregationFunctions:
- arguments:
- 'true'
function: count
name: total
baselineWindowSize: '1209600000'
# 14 days
descriptionExpression: Spike in Login Failures - {{ user_username }}
deviationThreshold: 3
enabled: true
entitySelectors:
- entityType: _username
expression: user_username
floorValue: 0
groupByFields:
- user_username
isPrototype: false
matchExpression: objectType="Authentication" AND success=false
nameExpression: Spike in Login Failures - {{ user_username }}
retentionWindowSize: '7776000000'
# 90 days
severity: 1
summaryExpression: Spike in Login Failures - {{ user_username }}
suppressionWindowSize: 9e+07
windowSize: T24H
Create CseOutlierRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CseOutlierRule(name: string, args: CseOutlierRuleArgs, opts?: CustomResourceOptions);@overload
def CseOutlierRule(resource_name: str,
args: CseOutlierRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CseOutlierRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
retention_window_size: Optional[str] = None,
description_expression: Optional[str] = None,
match_expression: Optional[str] = None,
severity: Optional[int] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseOutlierRuleEntitySelectorArgs]] = None,
floor_value: Optional[int] = None,
aggregation_functions: Optional[CseOutlierRuleAggregationFunctionsArgs] = None,
window_size: Optional[str] = None,
baseline_window_size: Optional[str] = None,
deviation_threshold: Optional[int] = None,
name_expression: Optional[str] = None,
group_by_fields: Optional[Sequence[str]] = None,
name: Optional[str] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None,
is_prototype: Optional[bool] = None)func NewCseOutlierRule(ctx *Context, name string, args CseOutlierRuleArgs, opts ...ResourceOption) (*CseOutlierRule, error)public CseOutlierRule(string name, CseOutlierRuleArgs args, CustomResourceOptions? opts = null)
public CseOutlierRule(String name, CseOutlierRuleArgs args)
public CseOutlierRule(String name, CseOutlierRuleArgs args, CustomResourceOptions options)
type: sumologic:CseOutlierRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CseOutlierRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CseOutlierRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CseOutlierRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CseOutlierRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CseOutlierRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var cseOutlierRuleResource = new SumoLogic.CseOutlierRule("cseOutlierRuleResource", new()
{
RetentionWindowSize = "string",
DescriptionExpression = "string",
MatchExpression = "string",
Severity = 0,
Enabled = false,
EntitySelectors = new[]
{
new SumoLogic.Inputs.CseOutlierRuleEntitySelectorArgs
{
EntityType = "string",
Expression = "string",
},
},
FloorValue = 0,
AggregationFunctions = new SumoLogic.Inputs.CseOutlierRuleAggregationFunctionsArgs
{
Arguments = new[]
{
"string",
},
Function = "string",
Name = "string",
},
WindowSize = "string",
BaselineWindowSize = "string",
DeviationThreshold = 0,
NameExpression = "string",
GroupByFields = new[]
{
"string",
},
Name = "string",
SummaryExpression = "string",
SuppressionWindowSize = 0,
Tags = new[]
{
"string",
},
IsPrototype = false,
});
example, err := sumologic.NewCseOutlierRule(ctx, "cseOutlierRuleResource", &sumologic.CseOutlierRuleArgs{
RetentionWindowSize: pulumi.String("string"),
DescriptionExpression: pulumi.String("string"),
MatchExpression: pulumi.String("string"),
Severity: pulumi.Int(0),
Enabled: pulumi.Bool(false),
EntitySelectors: sumologic.CseOutlierRuleEntitySelectorArray{
&sumologic.CseOutlierRuleEntitySelectorArgs{
EntityType: pulumi.String("string"),
Expression: pulumi.String("string"),
},
},
FloorValue: pulumi.Int(0),
AggregationFunctions: &sumologic.CseOutlierRuleAggregationFunctionsArgs{
Arguments: pulumi.StringArray{
pulumi.String("string"),
},
Function: pulumi.String("string"),
Name: pulumi.String("string"),
},
WindowSize: pulumi.String("string"),
BaselineWindowSize: pulumi.String("string"),
DeviationThreshold: pulumi.Int(0),
NameExpression: pulumi.String("string"),
GroupByFields: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
SummaryExpression: pulumi.String("string"),
SuppressionWindowSize: pulumi.Int(0),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
IsPrototype: pulumi.Bool(false),
})
var cseOutlierRuleResource = new CseOutlierRule("cseOutlierRuleResource", CseOutlierRuleArgs.builder()
.retentionWindowSize("string")
.descriptionExpression("string")
.matchExpression("string")
.severity(0)
.enabled(false)
.entitySelectors(CseOutlierRuleEntitySelectorArgs.builder()
.entityType("string")
.expression("string")
.build())
.floorValue(0)
.aggregationFunctions(CseOutlierRuleAggregationFunctionsArgs.builder()
.arguments("string")
.function("string")
.name("string")
.build())
.windowSize("string")
.baselineWindowSize("string")
.deviationThreshold(0)
.nameExpression("string")
.groupByFields("string")
.name("string")
.summaryExpression("string")
.suppressionWindowSize(0)
.tags("string")
.isPrototype(false)
.build());
cse_outlier_rule_resource = sumologic.CseOutlierRule("cseOutlierRuleResource",
retention_window_size="string",
description_expression="string",
match_expression="string",
severity=0,
enabled=False,
entity_selectors=[sumologic.CseOutlierRuleEntitySelectorArgs(
entity_type="string",
expression="string",
)],
floor_value=0,
aggregation_functions=sumologic.CseOutlierRuleAggregationFunctionsArgs(
arguments=["string"],
function="string",
name="string",
),
window_size="string",
baseline_window_size="string",
deviation_threshold=0,
name_expression="string",
group_by_fields=["string"],
name="string",
summary_expression="string",
suppression_window_size=0,
tags=["string"],
is_prototype=False)
const cseOutlierRuleResource = new sumologic.CseOutlierRule("cseOutlierRuleResource", {
retentionWindowSize: "string",
descriptionExpression: "string",
matchExpression: "string",
severity: 0,
enabled: false,
entitySelectors: [{
entityType: "string",
expression: "string",
}],
floorValue: 0,
aggregationFunctions: {
arguments: ["string"],
"function": "string",
name: "string",
},
windowSize: "string",
baselineWindowSize: "string",
deviationThreshold: 0,
nameExpression: "string",
groupByFields: ["string"],
name: "string",
summaryExpression: "string",
suppressionWindowSize: 0,
tags: ["string"],
isPrototype: false,
});
type: sumologic:CseOutlierRule
properties:
aggregationFunctions:
arguments:
- string
function: string
name: string
baselineWindowSize: string
descriptionExpression: string
deviationThreshold: 0
enabled: false
entitySelectors:
- entityType: string
expression: string
floorValue: 0
groupByFields:
- string
isPrototype: false
matchExpression: string
name: string
nameExpression: string
retentionWindowSize: string
severity: 0
summaryExpression: string
suppressionWindowSize: 0
tags:
- string
windowSize: string
CseOutlierRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CseOutlierRule resource accepts the following input properties:
- Aggregation
Functions Pulumi.Sumo Logic. Inputs. Cse Outlier Rule Aggregation Functions - Baseline
Window stringSize - The baseline window size in milliseconds
- Description
Expression string - The description of the generated Signals
- Deviation
Threshold int - The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Outlier Rule Entity Selector> - The entities to generate Signals on
- Floor
Value int - The minimum threshold to trigger signals
- Match
Expression string - The expression for which records to match on
- Name
Expression string - The name of the generated Signals
- Retention
Window stringSize - The retention window size in milliseconds
- Severity int
- The severity of the generated Signals
- Window
Size string - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- Group
By List<string>Fields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- List<string>
- The tags of the generated Signals
- Aggregation
Functions CseOutlier Rule Aggregation Functions Args - Baseline
Window stringSize - The baseline window size in milliseconds
- Description
Expression string - The description of the generated Signals
- Deviation
Threshold int - The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors []CseOutlier Rule Entity Selector Args - The entities to generate Signals on
- Floor
Value int - The minimum threshold to trigger signals
- Match
Expression string - The expression for which records to match on
- Name
Expression string - The name of the generated Signals
- Retention
Window stringSize - The retention window size in milliseconds
- Severity int
- The severity of the generated Signals
- Window
Size string - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- Group
By []stringFields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Name string
- The name of the Rule
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- []string
- The tags of the generated Signals
- aggregation
Functions CseOutlier Rule Aggregation Functions - baseline
Window StringSize - The baseline window size in milliseconds
- description
Expression String - The description of the generated Signals
- deviation
Threshold Integer - The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<CseOutlier Rule Entity Selector> - The entities to generate Signals on
- floor
Value Integer - The minimum threshold to trigger signals
- match
Expression String - The expression for which records to match on
- name
Expression String - The name of the generated Signals
- retention
Window StringSize - The retention window size in milliseconds
- severity Integer
- The severity of the generated Signals
- window
Size String - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- summary
Expression String - The summary of the generated Signals
- suppression
Window IntegerSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- List<String>
- The tags of the generated Signals
- aggregation
Functions CseOutlier Rule Aggregation Functions - baseline
Window stringSize - The baseline window size in milliseconds
- description
Expression string - The description of the generated Signals
- deviation
Threshold number - The deviation threshold used to calculate the threshold to trigger signals
- enabled boolean
- Whether the rule should generate Signals
- entity
Selectors CseOutlier Rule Entity Selector[] - The entities to generate Signals on
- floor
Value number - The minimum threshold to trigger signals
- match
Expression string - The expression for which records to match on
- name
Expression string - The name of the generated Signals
- retention
Window stringSize - The retention window size in milliseconds
- severity number
- The severity of the generated Signals
- window
Size string - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- group
By string[]Fields - A list of fields to group records by
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- name string
- The name of the Rule
- summary
Expression string - The summary of the generated Signals
- suppression
Window numberSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- string[]
- The tags of the generated Signals
- aggregation_
functions CseOutlier Rule Aggregation Functions Args - baseline_
window_ strsize - The baseline window size in milliseconds
- description_
expression str - The description of the generated Signals
- deviation_
threshold int - The deviation threshold used to calculate the threshold to trigger signals
- enabled bool
- Whether the rule should generate Signals
- entity_
selectors Sequence[CseOutlier Rule Entity Selector Args] - The entities to generate Signals on
- floor_
value int - The minimum threshold to trigger signals
- match_
expression str - The expression for which records to match on
- name_
expression str - The name of the generated Signals
- retention_
window_ strsize - The retention window size in milliseconds
- severity int
- The severity of the generated Signals
- window_
size str - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- group_
by_ Sequence[str]fields - A list of fields to group records by
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- name str
- The name of the Rule
- summary_
expression str - The summary of the generated Signals
- suppression_
window_ intsize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- Sequence[str]
- The tags of the generated Signals
- aggregation
Functions Property Map - baseline
Window StringSize - The baseline window size in milliseconds
- description
Expression String - The description of the generated Signals
- deviation
Threshold Number - The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<Property Map> - The entities to generate Signals on
- floor
Value Number - The minimum threshold to trigger signals
- match
Expression String - The expression for which records to match on
- name
Expression String - The name of the generated Signals
- retention
Window StringSize - The retention window size in milliseconds
- severity Number
- The severity of the generated Signals
- window
Size String - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- name String
- The name of the Rule
- summary
Expression String - The summary of the generated Signals
- suppression
Window NumberSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- List<String>
- The tags of the generated Signals
Outputs
All input properties are implicitly available as output properties. Additionally, the CseOutlierRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing CseOutlierRule Resource
Get an existing CseOutlierRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CseOutlierRuleState, opts?: CustomResourceOptions): CseOutlierRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aggregation_functions: Optional[CseOutlierRuleAggregationFunctionsArgs] = None,
baseline_window_size: Optional[str] = None,
description_expression: Optional[str] = None,
deviation_threshold: Optional[int] = None,
enabled: Optional[bool] = None,
entity_selectors: Optional[Sequence[CseOutlierRuleEntitySelectorArgs]] = None,
floor_value: Optional[int] = None,
group_by_fields: Optional[Sequence[str]] = None,
is_prototype: Optional[bool] = None,
match_expression: Optional[str] = None,
name: Optional[str] = None,
name_expression: Optional[str] = None,
retention_window_size: Optional[str] = None,
severity: Optional[int] = None,
summary_expression: Optional[str] = None,
suppression_window_size: Optional[int] = None,
tags: Optional[Sequence[str]] = None,
window_size: Optional[str] = None) -> CseOutlierRulefunc GetCseOutlierRule(ctx *Context, name string, id IDInput, state *CseOutlierRuleState, opts ...ResourceOption) (*CseOutlierRule, error)public static CseOutlierRule Get(string name, Input<string> id, CseOutlierRuleState? state, CustomResourceOptions? opts = null)public static CseOutlierRule get(String name, Output<String> id, CseOutlierRuleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Aggregation
Functions Pulumi.Sumo Logic. Inputs. Cse Outlier Rule Aggregation Functions - Baseline
Window stringSize - The baseline window size in milliseconds
- Description
Expression string - The description of the generated Signals
- Deviation
Threshold int - The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors List<Pulumi.Sumo Logic. Inputs. Cse Outlier Rule Entity Selector> - The entities to generate Signals on
- Floor
Value int - The minimum threshold to trigger signals
- Group
By List<string>Fields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Match
Expression string - The expression for which records to match on
- Name string
- The name of the Rule
- Name
Expression string - The name of the generated Signals
- Retention
Window stringSize - The retention window size in milliseconds
- Severity int
- The severity of the generated Signals
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- List<string>
- The tags of the generated Signals
- Window
Size string - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- Aggregation
Functions CseOutlier Rule Aggregation Functions Args - Baseline
Window stringSize - The baseline window size in milliseconds
- Description
Expression string - The description of the generated Signals
- Deviation
Threshold int - The deviation threshold used to calculate the threshold to trigger signals
- Enabled bool
- Whether the rule should generate Signals
- Entity
Selectors []CseOutlier Rule Entity Selector Args - The entities to generate Signals on
- Floor
Value int - The minimum threshold to trigger signals
- Group
By []stringFields - A list of fields to group records by
- Is
Prototype bool - Whether the generated Signals should be prototype Signals
- Match
Expression string - The expression for which records to match on
- Name string
- The name of the Rule
- Name
Expression string - The name of the generated Signals
- Retention
Window stringSize - The retention window size in milliseconds
- Severity int
- The severity of the generated Signals
- Summary
Expression string - The summary of the generated Signals
- Suppression
Window intSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- []string
- The tags of the generated Signals
- Window
Size string - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregation
Functions CseOutlier Rule Aggregation Functions - baseline
Window StringSize - The baseline window size in milliseconds
- description
Expression String - The description of the generated Signals
- deviation
Threshold Integer - The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<CseOutlier Rule Entity Selector> - The entities to generate Signals on
- floor
Value Integer - The minimum threshold to trigger signals
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- match
Expression String - The expression for which records to match on
- name String
- The name of the Rule
- name
Expression String - The name of the generated Signals
- retention
Window StringSize - The retention window size in milliseconds
- severity Integer
- The severity of the generated Signals
- summary
Expression String - The summary of the generated Signals
- suppression
Window IntegerSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- List<String>
- The tags of the generated Signals
- window
Size String - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregation
Functions CseOutlier Rule Aggregation Functions - baseline
Window stringSize - The baseline window size in milliseconds
- description
Expression string - The description of the generated Signals
- deviation
Threshold number - The deviation threshold used to calculate the threshold to trigger signals
- enabled boolean
- Whether the rule should generate Signals
- entity
Selectors CseOutlier Rule Entity Selector[] - The entities to generate Signals on
- floor
Value number - The minimum threshold to trigger signals
- group
By string[]Fields - A list of fields to group records by
- is
Prototype boolean - Whether the generated Signals should be prototype Signals
- match
Expression string - The expression for which records to match on
- name string
- The name of the Rule
- name
Expression string - The name of the generated Signals
- retention
Window stringSize - The retention window size in milliseconds
- severity number
- The severity of the generated Signals
- summary
Expression string - The summary of the generated Signals
- suppression
Window numberSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- string[]
- The tags of the generated Signals
- window
Size string - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregation_
functions CseOutlier Rule Aggregation Functions Args - baseline_
window_ strsize - The baseline window size in milliseconds
- description_
expression str - The description of the generated Signals
- deviation_
threshold int - The deviation threshold used to calculate the threshold to trigger signals
- enabled bool
- Whether the rule should generate Signals
- entity_
selectors Sequence[CseOutlier Rule Entity Selector Args] - The entities to generate Signals on
- floor_
value int - The minimum threshold to trigger signals
- group_
by_ Sequence[str]fields - A list of fields to group records by
- is_
prototype bool - Whether the generated Signals should be prototype Signals
- match_
expression str - The expression for which records to match on
- name str
- The name of the Rule
- name_
expression str - The name of the generated Signals
- retention_
window_ strsize - The retention window size in milliseconds
- severity int
- The severity of the generated Signals
- summary_
expression str - The summary of the generated Signals
- suppression_
window_ intsize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- Sequence[str]
- The tags of the generated Signals
- window_
size str - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
- aggregation
Functions Property Map - baseline
Window StringSize - The baseline window size in milliseconds
- description
Expression String - The description of the generated Signals
- deviation
Threshold Number - The deviation threshold used to calculate the threshold to trigger signals
- enabled Boolean
- Whether the rule should generate Signals
- entity
Selectors List<Property Map> - The entities to generate Signals on
- floor
Value Number - The minimum threshold to trigger signals
- group
By List<String>Fields - A list of fields to group records by
- is
Prototype Boolean - Whether the generated Signals should be prototype Signals
- match
Expression String - The expression for which records to match on
- name String
- The name of the Rule
- name
Expression String - The name of the generated Signals
- retention
Window StringSize - The retention window size in milliseconds
- severity Number
- The severity of the generated Signals
- summary
Expression String - The summary of the generated Signals
- suppression
Window NumberSize For how long to suppress Signal generation, in milliseconds. Must be greater than
window_sizeand less than the global limit of 7 days.The following attributes are exported:
- List<String>
- The tags of the generated Signals
- window
Size String - The window size. Current acceptable values are T60M (1 hr) or T24H (1 day)
Supporting Types
CseOutlierRuleAggregationFunctions, CseOutlierRuleAggregationFunctionsArgs
CseOutlierRuleEntitySelector, CseOutlierRuleEntitySelectorArgs
- Entity
Type string - Expression string
- The expression or field name to generate the Signal on
- Entity
Type string - Expression string
- The expression or field name to generate the Signal on
- entity
Type String - expression String
- The expression or field name to generate the Signal on
- entity
Type string - expression string
- The expression or field name to generate the Signal on
- entity_
type str - expression str
- The expression or field name to generate the Signal on
- entity
Type String - expression String
- The expression or field name to generate the Signal on
Import
Outlier rules can be imported using the field id, e.g.:
hcl
$ pulumi import sumologic:index/cseOutlierRule:CseOutlierRule outlier_rule id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Sumo Logic pulumi/pulumi-sumologic
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
sumologicTerraform Provider.