REST Resource: projects.locations.instances.logTypes

Resource: LogType

A Log type represents a data label for data customers send to Chronicle.

JSON representation 
{
  "name": string,
  "customLogTypeLabel": string,
  "displayName": string,
  "golden": boolean,
  "productSource": string,
  "isCustom": boolean,
  "hasCustomParser": boolean,
  "lastIngestedTime": string,
  "feedCount": integer,
  "parserType": enum (ParserType),
  "collectionTime": string
}
Fields
name

string

Output only. The resource name of this log type. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType}
customLogTypeLabel

string

Output only. the custom log type label
displayName

string

Required. The display name of this log type. This is the tag used in YARA-l rules and search queries.
golden

boolean

Output only. Whether a LogType is a 'Golden' log type or not. LogTypes that support rapid customer onboarding are considered 'Golden' log types.
productSource

string

Required. This is what users see in the UI to identify the logtype while creating feed.
isCustom

boolean

Required. Whether the log type is custom or globally available.
hasCustomParser

boolean

Required. The log type could be custom logtype but still be using prebuilt parser. If this is set to true that means that there is a custom parser for this log type. ( deprecated )
lastIngestedTime

string (Timestamp format)

Required. The last time the log type was ingested.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
feedCount

integer

Output only. The number of feeds that are ingested for this log type. This field is populated from FeedManagementService and will be -1 if the feed count cannot be determined due to an error.
parserType

enum (ParserType)

Required. The type of parser used for this log type. (custom/prebuilt/-)
collectionTime

string (Timestamp format)

Output only. The time of the most recent log collection for this log type. If there has been no log collection yet, this field will not be set.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

ParserType

enum for getting a ParserType.

Enums
PARSER_TYPE_UNSPECIFIED Unspecified parser type.
CUSTOM_PARSER Custom parser.
PREBUILT_PARSER Prebuilt parser.

Methods

create

 Create LogType.

generateEventTypesSuggestions

 GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.

getLogTypeSetting

 Gets a LogTypeSetting.

legacySubmitParserExtension

 LegacySubmitParserExtension creates validates and then makes the extension live.

list

 Lists all LogTypes.

runParser

 RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.

updateLogTypeSetting

 UpdateLogTypeSetting updates the log type setting for a log type.