POST /v1/eventExtractionRules

Create event extraction rule.

Servers

https://api.au.sumologic.com/api/
https://api.ca.sumologic.com/api/
https://api.de.sumologic.com/api/
https://api.eu.sumologic.com/api/
https://api.fed.sumologic.com/api/
https://api.jp.sumologic.com/api/
https://api.kr.sumologic.com/api/
https://api.in.sumologic.com/api/
https://api.sumologic.com/api/
https://api.us2.sumologic.com/api/

Request headers

Name	Type	Required	Description
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"

Request body fields

Name	Type	Required	Description
`query`	String	Yes	Query string for the Event Extraction Rule. Logs matching this query are periodically ingested into the `sumologic_userdata_events` index (Events). Guidelines for creating the query: Optimize the query to limit the number of returned log messages (intended for special logs only). The query runs in `Manual` mode, explicitly parse and extract only the necessary fields for event correlation and visualization. Use the `fields` operator to restrict the output to required fields.
`name`	String	Yes	Name of event extraction rule.
`description`	String	No	Description of event extraction rule.
`configuration`	Object	Yes	Configuration for the Event Extraction Rule. This object defines how event fields are mapped to their corresponding values. Each field specifies a `valueSource`, which provides the actual value, and an optional `mappingType`, indicating the value is hardcoded. The following fields are required: `eventType`: Type of the event. Accepted values are `Deployment`, `Feature Flag Change`, `Configuration Change` or `Infrastructure Change`. `eventPriority`: Indicates the priority of the event. Accepted values are `High`, `Medium`, or `Low`. `eventSource`: Source system or component where the event originated (e.g., "Jenkins"). `eventName`: Descriptive name of the event (e.g., "monitor-manager deployed."). The following fields are optional: `eventDescription`: Additional context or details about the event. Custom fields can also be added as needed to capture domain-specific event data.
`configuration.name`	Object	No
`configuration.name.valueSource`	String	Yes	The actual value or field reference for the mapping.
`configuration.name.mappingType`	String	No	Specifies valueSource is hardcoded.
`correlationExpression`	Object	No	Correlation Expression specifies how to determine related events for a log search query. The value of `eventFieldName` from Events is compared with the values of `queryFieldName` from the log search query output using the defined stringMatchingAlgorithm. Events that match according to this algorithm are considered correlated.
`correlationExpression.eventFieldName`	String	Yes	Name of the field from event query output.
`correlationExpression.queryFieldName`	String	Yes	Name of the query field returned by a log search query.
`correlationExpression.stringMatchingAlgorithm`	String	Yes	Type of string matching algorithm which tells how to match eventFieldName and queryFieldName.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.