1. Packages
  2. Sumo Logic
  3. API Docs
  4. CseThresholdRule
Sumo Logic v0.22.1 published on Sunday, Jun 9, 2024 by Pulumi

sumologic.CseThresholdRule

Explore with Pulumi AI

sumologic logo
Sumo Logic v0.22.1 published on Sunday, Jun 9, 2024 by Pulumi

    Provides a Sumo Logic CSE Threshold Rule.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as sumologic from "@pulumi/sumologic";
    
    const thresholdRule = new sumologic.CseThresholdRule("threshold_rule", {
        countDistinct: true,
        countField: "dstDevice_hostname",
        description: "Signal description",
        enabled: true,
        entitySelectors: [{
            entityType: "_ip",
            expression: "srcDevice_ip",
        }],
        expression: "objectType = \"Network\"",
        groupByFields: ["dstDevice_hostname"],
        isPrototype: false,
        limit: 1000,
        name: "Threshold Rule Example",
        severity: 5,
        summaryExpression: "Signal summary",
        tags: ["_mitreAttackTactic:TA0009"],
        windowSize: "T30M",
        suppressionWindowSize: 2100000,
    });
    
    import pulumi
    import pulumi_sumologic as sumologic
    
    threshold_rule = sumologic.CseThresholdRule("threshold_rule",
        count_distinct=True,
        count_field="dstDevice_hostname",
        description="Signal description",
        enabled=True,
        entity_selectors=[sumologic.CseThresholdRuleEntitySelectorArgs(
            entity_type="_ip",
            expression="srcDevice_ip",
        )],
        expression="objectType = \"Network\"",
        group_by_fields=["dstDevice_hostname"],
        is_prototype=False,
        limit=1000,
        name="Threshold Rule Example",
        severity=5,
        summary_expression="Signal summary",
        tags=["_mitreAttackTactic:TA0009"],
        window_size="T30M",
        suppression_window_size=2100000)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-sumologic/sdk/go/sumologic"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := sumologic.NewCseThresholdRule(ctx, "threshold_rule", &sumologic.CseThresholdRuleArgs{
    			CountDistinct: pulumi.Bool(true),
    			CountField:    pulumi.String("dstDevice_hostname"),
    			Description:   pulumi.String("Signal description"),
    			Enabled:       pulumi.Bool(true),
    			EntitySelectors: sumologic.CseThresholdRuleEntitySelectorArray{
    				&sumologic.CseThresholdRuleEntitySelectorArgs{
    					EntityType: pulumi.String("_ip"),
    					Expression: pulumi.String("srcDevice_ip"),
    				},
    			},
    			Expression: pulumi.String("objectType = \"Network\""),
    			GroupByFields: pulumi.StringArray{
    				pulumi.String("dstDevice_hostname"),
    			},
    			IsPrototype:       pulumi.Bool(false),
    			Limit:             pulumi.Int(1000),
    			Name:              pulumi.String("Threshold Rule Example"),
    			Severity:          pulumi.Int(5),
    			SummaryExpression: pulumi.String("Signal summary"),
    			Tags: pulumi.StringArray{
    				pulumi.String("_mitreAttackTactic:TA0009"),
    			},
    			WindowSize:            pulumi.String("T30M"),
    			SuppressionWindowSize: pulumi.Int(2100000),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using SumoLogic = Pulumi.SumoLogic;
    
    return await Deployment.RunAsync(() => 
    {
        var thresholdRule = new SumoLogic.CseThresholdRule("threshold_rule", new()
        {
            CountDistinct = true,
            CountField = "dstDevice_hostname",
            Description = "Signal description",
            Enabled = true,
            EntitySelectors = new[]
            {
                new SumoLogic.Inputs.CseThresholdRuleEntitySelectorArgs
                {
                    EntityType = "_ip",
                    Expression = "srcDevice_ip",
                },
            },
            Expression = "objectType = \"Network\"",
            GroupByFields = new[]
            {
                "dstDevice_hostname",
            },
            IsPrototype = false,
            Limit = 1000,
            Name = "Threshold Rule Example",
            Severity = 5,
            SummaryExpression = "Signal summary",
            Tags = new[]
            {
                "_mitreAttackTactic:TA0009",
            },
            WindowSize = "T30M",
            SuppressionWindowSize = 2100000,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.sumologic.CseThresholdRule;
    import com.pulumi.sumologic.CseThresholdRuleArgs;
    import com.pulumi.sumologic.inputs.CseThresholdRuleEntitySelectorArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var thresholdRule = new CseThresholdRule("thresholdRule", CseThresholdRuleArgs.builder()
                .countDistinct(true)
                .countField("dstDevice_hostname")
                .description("Signal description")
                .enabled(true)
                .entitySelectors(CseThresholdRuleEntitySelectorArgs.builder()
                    .entityType("_ip")
                    .expression("srcDevice_ip")
                    .build())
                .expression("objectType = \"Network\"")
                .groupByFields("dstDevice_hostname")
                .isPrototype(false)
                .limit(1000)
                .name("Threshold Rule Example")
                .severity(5)
                .summaryExpression("Signal summary")
                .tags("_mitreAttackTactic:TA0009")
                .windowSize("T30M")
                .suppressionWindowSize(2100000)
                .build());
    
        }
    }
    
    resources:
      thresholdRule:
        type: sumologic:CseThresholdRule
        name: threshold_rule
        properties:
          countDistinct: true
          countField: dstDevice_hostname
          description: Signal description
          enabled: true
          entitySelectors:
            - entityType: _ip
              expression: srcDevice_ip
          expression: objectType = "Network"
          groupByFields:
            - dstDevice_hostname
          isPrototype: false
          limit: 1000
          name: Threshold Rule Example
          severity: 5
          summaryExpression: Signal summary
          tags:
            - _mitreAttackTactic:TA0009
          windowSize: T30M
          suppressionWindowSize: 2.1e+06
    

    Create CseThresholdRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CseThresholdRule(name: string, args: CseThresholdRuleArgs, opts?: CustomResourceOptions);
    @overload
    def CseThresholdRule(resource_name: str,
                         args: CseThresholdRuleArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def CseThresholdRule(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         limit: Optional[int] = None,
                         entity_selectors: Optional[Sequence[CseThresholdRuleEntitySelectorArgs]] = None,
                         description: Optional[str] = None,
                         enabled: Optional[bool] = None,
                         window_size: Optional[str] = None,
                         expression: Optional[str] = None,
                         severity: Optional[int] = None,
                         count_distinct: Optional[bool] = None,
                         group_by_fields: Optional[Sequence[str]] = None,
                         name: Optional[str] = None,
                         count_field: Optional[str] = None,
                         summary_expression: Optional[str] = None,
                         suppression_window_size: Optional[int] = None,
                         tags: Optional[Sequence[str]] = None,
                         is_prototype: Optional[bool] = None,
                         window_size_millis: Optional[str] = None)
    func NewCseThresholdRule(ctx *Context, name string, args CseThresholdRuleArgs, opts ...ResourceOption) (*CseThresholdRule, error)
    public CseThresholdRule(string name, CseThresholdRuleArgs args, CustomResourceOptions? opts = null)
    public CseThresholdRule(String name, CseThresholdRuleArgs args)
    public CseThresholdRule(String name, CseThresholdRuleArgs args, CustomResourceOptions options)
    
    type: sumologic:CseThresholdRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CseThresholdRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CseThresholdRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CseThresholdRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CseThresholdRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CseThresholdRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var cseThresholdRuleResource = new SumoLogic.CseThresholdRule("cseThresholdRuleResource", new()
    {
        Limit = 0,
        EntitySelectors = new[]
        {
            new SumoLogic.Inputs.CseThresholdRuleEntitySelectorArgs
            {
                EntityType = "string",
                Expression = "string",
            },
        },
        Description = "string",
        Enabled = false,
        WindowSize = "string",
        Expression = "string",
        Severity = 0,
        CountDistinct = false,
        GroupByFields = new[]
        {
            "string",
        },
        Name = "string",
        CountField = "string",
        SummaryExpression = "string",
        SuppressionWindowSize = 0,
        Tags = new[]
        {
            "string",
        },
        IsPrototype = false,
        WindowSizeMillis = "string",
    });
    
    example, err := sumologic.NewCseThresholdRule(ctx, "cseThresholdRuleResource", &sumologic.CseThresholdRuleArgs{
    	Limit: pulumi.Int(0),
    	EntitySelectors: sumologic.CseThresholdRuleEntitySelectorArray{
    		&sumologic.CseThresholdRuleEntitySelectorArgs{
    			EntityType: pulumi.String("string"),
    			Expression: pulumi.String("string"),
    		},
    	},
    	Description:   pulumi.String("string"),
    	Enabled:       pulumi.Bool(false),
    	WindowSize:    pulumi.String("string"),
    	Expression:    pulumi.String("string"),
    	Severity:      pulumi.Int(0),
    	CountDistinct: pulumi.Bool(false),
    	GroupByFields: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Name:                  pulumi.String("string"),
    	CountField:            pulumi.String("string"),
    	SummaryExpression:     pulumi.String("string"),
    	SuppressionWindowSize: pulumi.Int(0),
    	Tags: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IsPrototype:      pulumi.Bool(false),
    	WindowSizeMillis: pulumi.String("string"),
    })
    
    var cseThresholdRuleResource = new CseThresholdRule("cseThresholdRuleResource", CseThresholdRuleArgs.builder()
        .limit(0)
        .entitySelectors(CseThresholdRuleEntitySelectorArgs.builder()
            .entityType("string")
            .expression("string")
            .build())
        .description("string")
        .enabled(false)
        .windowSize("string")
        .expression("string")
        .severity(0)
        .countDistinct(false)
        .groupByFields("string")
        .name("string")
        .countField("string")
        .summaryExpression("string")
        .suppressionWindowSize(0)
        .tags("string")
        .isPrototype(false)
        .windowSizeMillis("string")
        .build());
    
    cse_threshold_rule_resource = sumologic.CseThresholdRule("cseThresholdRuleResource",
        limit=0,
        entity_selectors=[sumologic.CseThresholdRuleEntitySelectorArgs(
            entity_type="string",
            expression="string",
        )],
        description="string",
        enabled=False,
        window_size="string",
        expression="string",
        severity=0,
        count_distinct=False,
        group_by_fields=["string"],
        name="string",
        count_field="string",
        summary_expression="string",
        suppression_window_size=0,
        tags=["string"],
        is_prototype=False,
        window_size_millis="string")
    
    const cseThresholdRuleResource = new sumologic.CseThresholdRule("cseThresholdRuleResource", {
        limit: 0,
        entitySelectors: [{
            entityType: "string",
            expression: "string",
        }],
        description: "string",
        enabled: false,
        windowSize: "string",
        expression: "string",
        severity: 0,
        countDistinct: false,
        groupByFields: ["string"],
        name: "string",
        countField: "string",
        summaryExpression: "string",
        suppressionWindowSize: 0,
        tags: ["string"],
        isPrototype: false,
        windowSizeMillis: "string",
    });
    
    type: sumologic:CseThresholdRule
    properties:
        countDistinct: false
        countField: string
        description: string
        enabled: false
        entitySelectors:
            - entityType: string
              expression: string
        expression: string
        groupByFields:
            - string
        isPrototype: false
        limit: 0
        name: string
        severity: 0
        summaryExpression: string
        suppressionWindowSize: 0
        tags:
            - string
        windowSize: string
        windowSizeMillis: string
    

    CseThresholdRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CseThresholdRule resource accepts the following input properties:

    Description string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors List<Pulumi.SumoLogic.Inputs.CseThresholdRuleEntitySelector>
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    Expression string
    The expression for which records to match on
    Limit int
    A Signal will be fired when this many records/distinct field values are matched
    Severity int
    The severity of the generated Signals
    WindowSize string
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    CountDistinct bool
    Whether to count distinct values of a field, as opposed to just counting the number of records
    CountField string
    The field to count if count_distinct is set to true
    GroupByFields List<string>
    A list of fields to group records by
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Name string
    The name of the Rule and the generated Signals
    SummaryExpression string
    The summary of the generated Signals
    SuppressionWindowSize int

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    Tags List<string>
    The tags of the generated Signals
    WindowSizeMillis string
    Description string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors []CseThresholdRuleEntitySelectorArgs
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    Expression string
    The expression for which records to match on
    Limit int
    A Signal will be fired when this many records/distinct field values are matched
    Severity int
    The severity of the generated Signals
    WindowSize string
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    CountDistinct bool
    Whether to count distinct values of a field, as opposed to just counting the number of records
    CountField string
    The field to count if count_distinct is set to true
    GroupByFields []string
    A list of fields to group records by
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Name string
    The name of the Rule and the generated Signals
    SummaryExpression string
    The summary of the generated Signals
    SuppressionWindowSize int

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    Tags []string
    The tags of the generated Signals
    WindowSizeMillis string
    description String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<CseThresholdRuleEntitySelector>
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression String
    The expression for which records to match on
    limit Integer
    A Signal will be fired when this many records/distinct field values are matched
    severity Integer
    The severity of the generated Signals
    windowSize String
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    countDistinct Boolean
    Whether to count distinct values of a field, as opposed to just counting the number of records
    countField String
    The field to count if count_distinct is set to true
    groupByFields List<String>
    A list of fields to group records by
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    name String
    The name of the Rule and the generated Signals
    summaryExpression String
    The summary of the generated Signals
    suppressionWindowSize Integer

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags List<String>
    The tags of the generated Signals
    windowSizeMillis String
    description string
    The description of the generated Signals
    enabled boolean
    Whether the rule should generate Signals
    entitySelectors CseThresholdRuleEntitySelector[]
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression string
    The expression for which records to match on
    limit number
    A Signal will be fired when this many records/distinct field values are matched
    severity number
    The severity of the generated Signals
    windowSize string
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    countDistinct boolean
    Whether to count distinct values of a field, as opposed to just counting the number of records
    countField string
    The field to count if count_distinct is set to true
    groupByFields string[]
    A list of fields to group records by
    isPrototype boolean
    Whether the generated Signals should be prototype Signals
    name string
    The name of the Rule and the generated Signals
    summaryExpression string
    The summary of the generated Signals
    suppressionWindowSize number

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags string[]
    The tags of the generated Signals
    windowSizeMillis string
    description str
    The description of the generated Signals
    enabled bool
    Whether the rule should generate Signals
    entity_selectors Sequence[CseThresholdRuleEntitySelectorArgs]
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression str
    The expression for which records to match on
    limit int
    A Signal will be fired when this many records/distinct field values are matched
    severity int
    The severity of the generated Signals
    window_size str
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    count_distinct bool
    Whether to count distinct values of a field, as opposed to just counting the number of records
    count_field str
    The field to count if count_distinct is set to true
    group_by_fields Sequence[str]
    A list of fields to group records by
    is_prototype bool
    Whether the generated Signals should be prototype Signals
    name str
    The name of the Rule and the generated Signals
    summary_expression str
    The summary of the generated Signals
    suppression_window_size int

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags Sequence[str]
    The tags of the generated Signals
    window_size_millis str
    description String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<Property Map>
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression String
    The expression for which records to match on
    limit Number
    A Signal will be fired when this many records/distinct field values are matched
    severity Number
    The severity of the generated Signals
    windowSize String
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    countDistinct Boolean
    Whether to count distinct values of a field, as opposed to just counting the number of records
    countField String
    The field to count if count_distinct is set to true
    groupByFields List<String>
    A list of fields to group records by
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    name String
    The name of the Rule and the generated Signals
    summaryExpression String
    The summary of the generated Signals
    suppressionWindowSize Number

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags List<String>
    The tags of the generated Signals
    windowSizeMillis String

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CseThresholdRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing CseThresholdRule Resource

    Get an existing CseThresholdRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CseThresholdRuleState, opts?: CustomResourceOptions): CseThresholdRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            count_distinct: Optional[bool] = None,
            count_field: Optional[str] = None,
            description: Optional[str] = None,
            enabled: Optional[bool] = None,
            entity_selectors: Optional[Sequence[CseThresholdRuleEntitySelectorArgs]] = None,
            expression: Optional[str] = None,
            group_by_fields: Optional[Sequence[str]] = None,
            is_prototype: Optional[bool] = None,
            limit: Optional[int] = None,
            name: Optional[str] = None,
            severity: Optional[int] = None,
            summary_expression: Optional[str] = None,
            suppression_window_size: Optional[int] = None,
            tags: Optional[Sequence[str]] = None,
            window_size: Optional[str] = None,
            window_size_millis: Optional[str] = None) -> CseThresholdRule
    func GetCseThresholdRule(ctx *Context, name string, id IDInput, state *CseThresholdRuleState, opts ...ResourceOption) (*CseThresholdRule, error)
    public static CseThresholdRule Get(string name, Input<string> id, CseThresholdRuleState? state, CustomResourceOptions? opts = null)
    public static CseThresholdRule get(String name, Output<String> id, CseThresholdRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CountDistinct bool
    Whether to count distinct values of a field, as opposed to just counting the number of records
    CountField string
    The field to count if count_distinct is set to true
    Description string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors List<Pulumi.SumoLogic.Inputs.CseThresholdRuleEntitySelector>
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    Expression string
    The expression for which records to match on
    GroupByFields List<string>
    A list of fields to group records by
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Limit int
    A Signal will be fired when this many records/distinct field values are matched
    Name string
    The name of the Rule and the generated Signals
    Severity int
    The severity of the generated Signals
    SummaryExpression string
    The summary of the generated Signals
    SuppressionWindowSize int

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    Tags List<string>
    The tags of the generated Signals
    WindowSize string
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    WindowSizeMillis string
    CountDistinct bool
    Whether to count distinct values of a field, as opposed to just counting the number of records
    CountField string
    The field to count if count_distinct is set to true
    Description string
    The description of the generated Signals
    Enabled bool
    Whether the rule should generate Signals
    EntitySelectors []CseThresholdRuleEntitySelectorArgs
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    Expression string
    The expression for which records to match on
    GroupByFields []string
    A list of fields to group records by
    IsPrototype bool
    Whether the generated Signals should be prototype Signals
    Limit int
    A Signal will be fired when this many records/distinct field values are matched
    Name string
    The name of the Rule and the generated Signals
    Severity int
    The severity of the generated Signals
    SummaryExpression string
    The summary of the generated Signals
    SuppressionWindowSize int

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    Tags []string
    The tags of the generated Signals
    WindowSize string
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    WindowSizeMillis string
    countDistinct Boolean
    Whether to count distinct values of a field, as opposed to just counting the number of records
    countField String
    The field to count if count_distinct is set to true
    description String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<CseThresholdRuleEntitySelector>
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression String
    The expression for which records to match on
    groupByFields List<String>
    A list of fields to group records by
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    limit Integer
    A Signal will be fired when this many records/distinct field values are matched
    name String
    The name of the Rule and the generated Signals
    severity Integer
    The severity of the generated Signals
    summaryExpression String
    The summary of the generated Signals
    suppressionWindowSize Integer

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags List<String>
    The tags of the generated Signals
    windowSize String
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    windowSizeMillis String
    countDistinct boolean
    Whether to count distinct values of a field, as opposed to just counting the number of records
    countField string
    The field to count if count_distinct is set to true
    description string
    The description of the generated Signals
    enabled boolean
    Whether the rule should generate Signals
    entitySelectors CseThresholdRuleEntitySelector[]
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression string
    The expression for which records to match on
    groupByFields string[]
    A list of fields to group records by
    isPrototype boolean
    Whether the generated Signals should be prototype Signals
    limit number
    A Signal will be fired when this many records/distinct field values are matched
    name string
    The name of the Rule and the generated Signals
    severity number
    The severity of the generated Signals
    summaryExpression string
    The summary of the generated Signals
    suppressionWindowSize number

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags string[]
    The tags of the generated Signals
    windowSize string
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    windowSizeMillis string
    count_distinct bool
    Whether to count distinct values of a field, as opposed to just counting the number of records
    count_field str
    The field to count if count_distinct is set to true
    description str
    The description of the generated Signals
    enabled bool
    Whether the rule should generate Signals
    entity_selectors Sequence[CseThresholdRuleEntitySelectorArgs]
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression str
    The expression for which records to match on
    group_by_fields Sequence[str]
    A list of fields to group records by
    is_prototype bool
    Whether the generated Signals should be prototype Signals
    limit int
    A Signal will be fired when this many records/distinct field values are matched
    name str
    The name of the Rule and the generated Signals
    severity int
    The severity of the generated Signals
    summary_expression str
    The summary of the generated Signals
    suppression_window_size int

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags Sequence[str]
    The tags of the generated Signals
    window_size str
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    window_size_millis str
    countDistinct Boolean
    Whether to count distinct values of a field, as opposed to just counting the number of records
    countField String
    The field to count if count_distinct is set to true
    description String
    The description of the generated Signals
    enabled Boolean
    Whether the rule should generate Signals
    entitySelectors List<Property Map>
    The entities to generate Signals on

    • entityType - (Required) The type of the entity to generate the Signal on.
    expression String
    The expression for which records to match on
    groupByFields List<String>
    A list of fields to group records by
    isPrototype Boolean
    Whether the generated Signals should be prototype Signals
    limit Number
    A Signal will be fired when this many records/distinct field values are matched
    name String
    The name of the Rule and the generated Signals
    severity Number
    The severity of the generated Signals
    summaryExpression String
    The summary of the generated Signals
    suppressionWindowSize Number

    For how long to suppress Signal generation, in milliseconds. Must be greater than window_size and less than the global limit of 7 days.

    The following attributes are exported:

    tags List<String>
    The tags of the generated Signals
    windowSize String
    How long of a window to aggregate records for. Current acceptable values are T05M, T10M, T30M, T60M, T24H, T12H, T05D or CUSTOM
    windowSizeMillis String

    Supporting Types

    CseThresholdRuleEntitySelector, CseThresholdRuleEntitySelectorArgs

    EntityType string
    Expression string
    The expression or field name to generate the Signal on.
    EntityType string
    Expression string
    The expression or field name to generate the Signal on.
    entityType String
    expression String
    The expression or field name to generate the Signal on.
    entityType string
    expression string
    The expression or field name to generate the Signal on.
    entity_type str
    expression str
    The expression or field name to generate the Signal on.
    entityType String
    expression String
    The expression or field name to generate the Signal on.

    Import

    Threshold Rules can be imported using the field id, e.g.:

    hcl

    $ pulumi import sumologic:index/cseThresholdRule:CseThresholdRule threshold_rule id
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Sumo Logic pulumi/pulumi-sumologic
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the sumologic Terraform Provider.
    sumologic logo
    Sumo Logic v0.22.1 published on Sunday, Jun 9, 2024 by Pulumi