Method: instances.generateUdmKeyValueMappings

Full name: projects.locations.instances.generateUdmKeyValueMappings

GenerateUDMKeyValueMappings generates key-value mappings for a raw log. For a JSON raw log

{ "menu": { "id": "file", "popup": { "value": "New" } } }

the generated key-value mappings will be:

"menu.id": "file"
"menu.popup.value": "New"

HTTP request

POST https://chronicle.googleapis.com/v1alpha/{instance}:generateUdmKeyValueMappings

Path parameters

Parameters
instance

string

Required. The Chronicle instance associated with the request. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "log_format": enum (LogFormat),
  "log": string,
  "use_array_bracket_notation": boolean,
  "compress_array_fields": boolean
}
Fields
log_format

enum (LogFormat)

Log format of the raw log.

log

string (bytes format)

The raw log.

A base64-encoded string.

use_array_bracket_notation

boolean

Optional. Flag to format arrays in bracket notation. When true, arrays will be serialized with brackets surrounding the index. When false, there will be no change in the serialization of arrays and the default dot (.) notation will be used.

compress_array_fields

boolean

Optional. Flag to compress array fields. When true, array fields will be truncated to include only the first element, and an ellipsis (...) will be used to indicate that the array has more elements. No index will be supplied for the array elements. When false, array fields will be serialized with all elements.

Response body

Response message for GenerateUDMKeyValueMappingsResponse.

If successful, the response body contains data with the following structure:

JSON representation
{
  "field_mappings": {
    string: string,
    ...
  }
}
Fields
field_mappings

map (key: string, value: string)

Map of extracted fields.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
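
An added example, not part of the Chronicle documentation: it builds the URL and request body described above (without sending them) and computes locally the mappings to compare against `field_mappings`. The `"JSON"` log format value, the `.i` and `[i]` array index forms and the rendering of non-string scalars in `flatten` are assumptions.

```python
import base64
import json
import re

API_ROOT = "https://chronicle.googleapis.com/v1alpha"
INSTANCE_RE = re.compile(r"projects/[^/\s?#]+/locations/[^/\s?#]+/instances/[^/\s?#]+")
# The page's example log, with the trailing comma removed so it parses as JSON.
RAW_LOG = b'{"menu": {"id": "file", "popup": {"value": "New"}}}'


def build_request(instance, raw_log, log_format="JSON",
                  use_array_bracket_notation=False, compress_array_fields=False):
    """Return (url, body) for the POST; authentication and sending are left to the caller."""
    # Accept only the documented resource-name format, so a caller-supplied
    # value cannot add path segments or a query string to the URL.
    if not INSTANCE_RE.fullmatch(instance):
        raise ValueError("expected projects/{project}/locations/{location}/instances/{instance}")
    body = {
        "log_format": log_format,  # "JSON" is an assumed LogFormat value
        # "log" is a bytes field: send base64 of the raw log, not the text itself.
        "log": base64.b64encode(raw_log).decode("ascii"),
        "use_array_bracket_notation": use_array_bracket_notation,
        "compress_array_fields": compress_array_fields,
    }
    return f"{API_ROOT}/{instance}:generateUdmKeyValueMappings", body


def flatten(value, prefix="", bracket=False):
    """Local approximation of the key-value mapping, for comparison with the response."""
    if isinstance(value, dict):
        items = [(f"{prefix}.{k}" if prefix else k, v) for k, v in value.items()]
    elif isinstance(value, list):
        # Assumed index forms: "a.0" by default, "a[0]" with bracket notation.
        items = [(f"{prefix}[{i}]" if bracket else f"{prefix}.{i}", v) for i, v in enumerate(value)]
    else:
        # Map values are strings; non-string scalars are rendered as JSON (assumption).
        return {prefix: value if isinstance(value, str) else json.dumps(value)}
    out = {}
    for key, child in items:
        out.update(flatten(child, key, bracket))
    return out
```
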

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.parserExtensions.generateKeyValueMappings

For more information, see the IAM documentation.