Viewing docs for sumologic 3.2.5
published on Thursday, Mar 26, 2026 by sumologic
published on Thursday, Mar 26, 2026 by sumologic
Viewing docs for sumologic 3.2.5
published on Thursday, Mar 26, 2026 by sumologic
published on Thursday, Mar 26, 2026 by sumologic
Provides a Sumo Logic Event Extraction Rule, which allows you to extract structured Events from log data and ingest them into Sumo Logic’s Events index.
Event Extraction Rules are commonly used to capture deployment events, configuration changes, feature flag changes, and infrastructure changes from logs.
Example Usage
Basic Event Extraction Rule
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const deploymentEvent = new sumologic.EventExtractionRule("deployment_event", {
name: "deployment-event",
query: "_sourceCategory=deployments",
configurations: [
{
fieldName: "eventType",
valueSource: "Deployment",
},
{
fieldName: "eventPriority",
valueSource: "High",
},
{
fieldName: "eventSource",
valueSource: "Jenkins",
},
{
fieldName: "eventName",
valueSource: "monitor-manager deployed",
},
],
});
import pulumi
import pulumi_sumologic as sumologic
deployment_event = sumologic.EventExtractionRule("deployment_event",
name="deployment-event",
query="_sourceCategory=deployments",
configurations=[
{
"field_name": "eventType",
"value_source": "Deployment",
},
{
"field_name": "eventPriority",
"value_source": "High",
},
{
"field_name": "eventSource",
"value_source": "Jenkins",
},
{
"field_name": "eventName",
"value_source": "monitor-manager deployed",
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sumologic/v3/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sumologic.NewEventExtractionRule(ctx, "deployment_event", &sumologic.EventExtractionRuleArgs{
Name: pulumi.String("deployment-event"),
Query: pulumi.String("_sourceCategory=deployments"),
Configurations: sumologic.EventExtractionRuleConfigurationArray{
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventType"),
ValueSource: pulumi.String("Deployment"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventPriority"),
ValueSource: pulumi.String("High"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventSource"),
ValueSource: pulumi.String("Jenkins"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventName"),
ValueSource: pulumi.String("monitor-manager deployed"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sumologic = Pulumi.Sumologic;
return await Deployment.RunAsync(() =>
{
var deploymentEvent = new Sumologic.EventExtractionRule("deployment_event", new()
{
Name = "deployment-event",
Query = "_sourceCategory=deployments",
Configurations = new[]
{
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventType",
ValueSource = "Deployment",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventPriority",
ValueSource = "High",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventSource",
ValueSource = "Jenkins",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventName",
ValueSource = "monitor-manager deployed",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.EventExtractionRule;
import com.pulumi.sumologic.EventExtractionRuleArgs;
import com.pulumi.sumologic.inputs.EventExtractionRuleConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var deploymentEvent = new EventExtractionRule("deploymentEvent", EventExtractionRuleArgs.builder()
.name("deployment-event")
.query("_sourceCategory=deployments")
.configurations(
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventType")
.valueSource("Deployment")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventPriority")
.valueSource("High")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventSource")
.valueSource("Jenkins")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventName")
.valueSource("monitor-manager deployed")
.build())
.build());
}
}
resources:
deploymentEvent:
type: sumologic:EventExtractionRule
name: deployment_event
properties:
name: deployment-event
query: _sourceCategory=deployments
configurations:
- fieldName: eventType
valueSource: Deployment
- fieldName: eventPriority
valueSource: High
- fieldName: eventSource
valueSource: Jenkins
- fieldName: eventName
valueSource: monitor-manager deployed
Event Extraction Rule with Correlation Expression
import * as pulumi from "@pulumi/pulumi";
import * as sumologic from "@pulumi/sumologic";
const deploymentEvent = new sumologic.EventExtractionRule("deployment_event", {
name: "deployment-event",
description: "Captures deployment events from Jenkins logs",
query: "_sourceCategory=deployments | json \"version\"",
enabled: true,
correlationExpression: {
queryFieldName: "version",
eventFieldName: "version",
stringMatchingAlgorithm: "ExactMatch",
},
configurations: [
{
fieldName: "eventType",
valueSource: "Deployment",
},
{
fieldName: "eventPriority",
valueSource: "High",
},
{
fieldName: "eventSource",
valueSource: "Jenkins",
},
{
fieldName: "eventName",
valueSource: "monitor-manager deployed",
},
{
fieldName: "eventDescription",
valueSource: "2 containers upgraded",
},
],
});
import pulumi
import pulumi_sumologic as sumologic
deployment_event = sumologic.EventExtractionRule("deployment_event",
name="deployment-event",
description="Captures deployment events from Jenkins logs",
query="_sourceCategory=deployments | json \"version\"",
enabled=True,
correlation_expression={
"query_field_name": "version",
"event_field_name": "version",
"string_matching_algorithm": "ExactMatch",
},
configurations=[
{
"field_name": "eventType",
"value_source": "Deployment",
},
{
"field_name": "eventPriority",
"value_source": "High",
},
{
"field_name": "eventSource",
"value_source": "Jenkins",
},
{
"field_name": "eventName",
"value_source": "monitor-manager deployed",
},
{
"field_name": "eventDescription",
"value_source": "2 containers upgraded",
},
])
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/sumologic/v3/sumologic"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sumologic.NewEventExtractionRule(ctx, "deployment_event", &sumologic.EventExtractionRuleArgs{
Name: pulumi.String("deployment-event"),
Description: pulumi.String("Captures deployment events from Jenkins logs"),
Query: pulumi.String("_sourceCategory=deployments | json \"version\""),
Enabled: pulumi.Bool(true),
CorrelationExpression: &sumologic.EventExtractionRuleCorrelationExpressionArgs{
QueryFieldName: pulumi.String("version"),
EventFieldName: pulumi.String("version"),
StringMatchingAlgorithm: pulumi.String("ExactMatch"),
},
Configurations: sumologic.EventExtractionRuleConfigurationArray{
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventType"),
ValueSource: pulumi.String("Deployment"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventPriority"),
ValueSource: pulumi.String("High"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventSource"),
ValueSource: pulumi.String("Jenkins"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventName"),
ValueSource: pulumi.String("monitor-manager deployed"),
},
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("eventDescription"),
ValueSource: pulumi.String("2 containers upgraded"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Sumologic = Pulumi.Sumologic;
return await Deployment.RunAsync(() =>
{
var deploymentEvent = new Sumologic.EventExtractionRule("deployment_event", new()
{
Name = "deployment-event",
Description = "Captures deployment events from Jenkins logs",
Query = "_sourceCategory=deployments | json \"version\"",
Enabled = true,
CorrelationExpression = new Sumologic.Inputs.EventExtractionRuleCorrelationExpressionArgs
{
QueryFieldName = "version",
EventFieldName = "version",
StringMatchingAlgorithm = "ExactMatch",
},
Configurations = new[]
{
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventType",
ValueSource = "Deployment",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventPriority",
ValueSource = "High",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventSource",
ValueSource = "Jenkins",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventName",
ValueSource = "monitor-manager deployed",
},
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "eventDescription",
ValueSource = "2 containers upgraded",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.sumologic.EventExtractionRule;
import com.pulumi.sumologic.EventExtractionRuleArgs;
import com.pulumi.sumologic.inputs.EventExtractionRuleCorrelationExpressionArgs;
import com.pulumi.sumologic.inputs.EventExtractionRuleConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var deploymentEvent = new EventExtractionRule("deploymentEvent", EventExtractionRuleArgs.builder()
.name("deployment-event")
.description("Captures deployment events from Jenkins logs")
.query("_sourceCategory=deployments | json \"version\"")
.enabled(true)
.correlationExpression(EventExtractionRuleCorrelationExpressionArgs.builder()
.queryFieldName("version")
.eventFieldName("version")
.stringMatchingAlgorithm("ExactMatch")
.build())
.configurations(
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventType")
.valueSource("Deployment")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventPriority")
.valueSource("High")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventSource")
.valueSource("Jenkins")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventName")
.valueSource("monitor-manager deployed")
.build(),
EventExtractionRuleConfigurationArgs.builder()
.fieldName("eventDescription")
.valueSource("2 containers upgraded")
.build())
.build());
}
}
resources:
deploymentEvent:
type: sumologic:EventExtractionRule
name: deployment_event
properties:
name: deployment-event
description: Captures deployment events from Jenkins logs
query: _sourceCategory=deployments | json "version"
enabled: true
correlationExpression:
queryFieldName: version
eventFieldName: version
stringMatchingAlgorithm: ExactMatch
configurations:
- fieldName: eventType
valueSource: Deployment
- fieldName: eventPriority
valueSource: High
- fieldName: eventSource
valueSource: Jenkins
- fieldName: eventName
valueSource: monitor-manager deployed
- fieldName: eventDescription
valueSource: 2 containers upgraded
Attributes reference
In addition to all arguments above, the following attributes are exported:
id- The ID of the Event extraction rule.
Schema for correlationExpression
query_field_name- (Required) Name of the field returned by the log query.event_field_name- (Required) Name of the corresponding event field.string_matching_algorithm- (Required) Algorithm used to match values.
Schema for configuration
The configuration block can be repeated multiple times to define event field mappings. Each block supports:
field_name- (Required) The name of the event field being configured.value_source- (Required) The value or extracted field used for the event field.mapping_type- (Optional) Specifies how the value is mapped. Defaults toHardCoded.
Required event fields
The following field_name values must be defined:
eventType- (Required) Type of the event. Accepted values:Deployment,Feature Flag Change,Configuration Change,Infrastructure ChangeeventPriority- (Required) Priority of the event. Accepted values:High,Medium,LoweventSource- (Required) Source system where the event originated (for example,Jenkins).eventName- (Required) Human-readable name of the event.
Optional event fields
eventDescription- (Optional) Additional context or details about the event.
Create EventExtractionRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new EventExtractionRule(name: string, args: EventExtractionRuleArgs, opts?: CustomResourceOptions);@overload
def EventExtractionRule(resource_name: str,
args: EventExtractionRuleArgs,
opts: Optional[ResourceOptions] = None)
@overload
def EventExtractionRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
configurations: Optional[Sequence[EventExtractionRuleConfigurationArgs]] = None,
query: Optional[str] = None,
correlation_expression: Optional[EventExtractionRuleCorrelationExpressionArgs] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
event_extraction_rule_id: Optional[str] = None,
name: Optional[str] = None)func NewEventExtractionRule(ctx *Context, name string, args EventExtractionRuleArgs, opts ...ResourceOption) (*EventExtractionRule, error)public EventExtractionRule(string name, EventExtractionRuleArgs args, CustomResourceOptions? opts = null)
public EventExtractionRule(String name, EventExtractionRuleArgs args)
public EventExtractionRule(String name, EventExtractionRuleArgs args, CustomResourceOptions options)
type: sumologic:EventExtractionRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args EventExtractionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args EventExtractionRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args EventExtractionRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args EventExtractionRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args EventExtractionRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var eventExtractionRuleResource = new Sumologic.EventExtractionRule("eventExtractionRuleResource", new()
{
Configurations = new[]
{
new Sumologic.Inputs.EventExtractionRuleConfigurationArgs
{
FieldName = "string",
ValueSource = "string",
MappingType = "string",
},
},
Query = "string",
CorrelationExpression = new Sumologic.Inputs.EventExtractionRuleCorrelationExpressionArgs
{
EventFieldName = "string",
QueryFieldName = "string",
StringMatchingAlgorithm = "string",
},
Description = "string",
Enabled = false,
EventExtractionRuleId = "string",
Name = "string",
});
example, err := sumologic.NewEventExtractionRule(ctx, "eventExtractionRuleResource", &sumologic.EventExtractionRuleArgs{
Configurations: sumologic.EventExtractionRuleConfigurationArray{
&sumologic.EventExtractionRuleConfigurationArgs{
FieldName: pulumi.String("string"),
ValueSource: pulumi.String("string"),
MappingType: pulumi.String("string"),
},
},
Query: pulumi.String("string"),
CorrelationExpression: &sumologic.EventExtractionRuleCorrelationExpressionArgs{
EventFieldName: pulumi.String("string"),
QueryFieldName: pulumi.String("string"),
StringMatchingAlgorithm: pulumi.String("string"),
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
EventExtractionRuleId: pulumi.String("string"),
Name: pulumi.String("string"),
})
var eventExtractionRuleResource = new EventExtractionRule("eventExtractionRuleResource", EventExtractionRuleArgs.builder()
.configurations(EventExtractionRuleConfigurationArgs.builder()
.fieldName("string")
.valueSource("string")
.mappingType("string")
.build())
.query("string")
.correlationExpression(EventExtractionRuleCorrelationExpressionArgs.builder()
.eventFieldName("string")
.queryFieldName("string")
.stringMatchingAlgorithm("string")
.build())
.description("string")
.enabled(false)
.eventExtractionRuleId("string")
.name("string")
.build());
event_extraction_rule_resource = sumologic.EventExtractionRule("eventExtractionRuleResource",
configurations=[{
"field_name": "string",
"value_source": "string",
"mapping_type": "string",
}],
query="string",
correlation_expression={
"event_field_name": "string",
"query_field_name": "string",
"string_matching_algorithm": "string",
},
description="string",
enabled=False,
event_extraction_rule_id="string",
name="string")
const eventExtractionRuleResource = new sumologic.EventExtractionRule("eventExtractionRuleResource", {
configurations: [{
fieldName: "string",
valueSource: "string",
mappingType: "string",
}],
query: "string",
correlationExpression: {
eventFieldName: "string",
queryFieldName: "string",
stringMatchingAlgorithm: "string",
},
description: "string",
enabled: false,
eventExtractionRuleId: "string",
name: "string",
});
type: sumologic:EventExtractionRule
properties:
configurations:
- fieldName: string
mappingType: string
valueSource: string
correlationExpression:
eventFieldName: string
queryFieldName: string
stringMatchingAlgorithm: string
description: string
enabled: false
eventExtractionRuleId: string
name: string
query: string
EventExtractionRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The EventExtractionRule resource accepts the following input properties:
- Configurations
List<Event
Extraction Rule Configuration> - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- Query string
- Log query used to extract events.
- Correlation
Expression EventExtraction Rule Correlation Expression - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- Description string
- Description of the rule.
- Enabled bool
- Whether the macro will be enabled. Default true.
- Event
Extraction stringRule Id - Name string
- Name of the Event Extraction Rule.
- Configurations
[]Event
Extraction Rule Configuration Args - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- Query string
- Log query used to extract events.
- Correlation
Expression EventExtraction Rule Correlation Expression Args - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- Description string
- Description of the rule.
- Enabled bool
- Whether the macro will be enabled. Default true.
- Event
Extraction stringRule Id - Name string
- Name of the Event Extraction Rule.
- configurations
List<Event
Extraction Rule Configuration> - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- query String
- Log query used to extract events.
- correlation
Expression EventExtraction Rule Correlation Expression - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description String
- Description of the rule.
- enabled Boolean
- Whether the macro will be enabled. Default true.
- event
Extraction StringRule Id - name String
- Name of the Event Extraction Rule.
- configurations
Event
Extraction Rule Configuration[] - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- query string
- Log query used to extract events.
- correlation
Expression EventExtraction Rule Correlation Expression - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description string
- Description of the rule.
- enabled boolean
- Whether the macro will be enabled. Default true.
- event
Extraction stringRule Id - name string
- Name of the Event Extraction Rule.
- configurations
Sequence[Event
Extraction Rule Configuration Args] - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- query str
- Log query used to extract events.
- correlation_
expression EventExtraction Rule Correlation Expression Args - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description str
- Description of the rule.
- enabled bool
- Whether the macro will be enabled. Default true.
- event_
extraction_ strrule_ id - name str
- Name of the Event Extraction Rule.
- configurations List<Property Map>
- Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- query String
- Log query used to extract events.
- correlation
Expression Property Map - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description String
- Description of the rule.
- enabled Boolean
- Whether the macro will be enabled. Default true.
- event
Extraction StringRule Id - name String
- Name of the Event Extraction Rule.
Outputs
All input properties are implicitly available as output properties. Additionally, the EventExtractionRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing EventExtractionRule Resource
Get an existing EventExtractionRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: EventExtractionRuleState, opts?: CustomResourceOptions): EventExtractionRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
configurations: Optional[Sequence[EventExtractionRuleConfigurationArgs]] = None,
correlation_expression: Optional[EventExtractionRuleCorrelationExpressionArgs] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
event_extraction_rule_id: Optional[str] = None,
name: Optional[str] = None,
query: Optional[str] = None) -> EventExtractionRulefunc GetEventExtractionRule(ctx *Context, name string, id IDInput, state *EventExtractionRuleState, opts ...ResourceOption) (*EventExtractionRule, error)public static EventExtractionRule Get(string name, Input<string> id, EventExtractionRuleState? state, CustomResourceOptions? opts = null)public static EventExtractionRule get(String name, Output<String> id, EventExtractionRuleState state, CustomResourceOptions options)resources: _: type: sumologic:EventExtractionRule get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Configurations
List<Event
Extraction Rule Configuration> - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- Correlation
Expression EventExtraction Rule Correlation Expression - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- Description string
- Description of the rule.
- Enabled bool
- Whether the macro will be enabled. Default true.
- Event
Extraction stringRule Id - Name string
- Name of the Event Extraction Rule.
- Query string
- Log query used to extract events.
- Configurations
[]Event
Extraction Rule Configuration Args - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- Correlation
Expression EventExtraction Rule Correlation Expression Args - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- Description string
- Description of the rule.
- Enabled bool
- Whether the macro will be enabled. Default true.
- Event
Extraction stringRule Id - Name string
- Name of the Event Extraction Rule.
- Query string
- Log query used to extract events.
- configurations
List<Event
Extraction Rule Configuration> - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- correlation
Expression EventExtraction Rule Correlation Expression - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description String
- Description of the rule.
- enabled Boolean
- Whether the macro will be enabled. Default true.
- event
Extraction StringRule Id - name String
- Name of the Event Extraction Rule.
- query String
- Log query used to extract events.
- configurations
Event
Extraction Rule Configuration[] - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- correlation
Expression EventExtraction Rule Correlation Expression - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description string
- Description of the rule.
- enabled boolean
- Whether the macro will be enabled. Default true.
- event
Extraction stringRule Id - name string
- Name of the Event Extraction Rule.
- query string
- Log query used to extract events.
- configurations
Sequence[Event
Extraction Rule Configuration Args] - Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- correlation_
expression EventExtraction Rule Correlation Expression Args - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description str
- Description of the rule.
- enabled bool
- Whether the macro will be enabled. Default true.
- event_
extraction_ strrule_ id - name str
- Name of the Event Extraction Rule.
- query str
- Log query used to extract events.
- configurations List<Property Map>
- Defines how event fields are mapped to their corresponding values. See configuration schema for details.
- correlation
Expression Property Map - Specifies how to determine related events for a log search query. See correlationExpression schema for details.
- description String
- Description of the rule.
- enabled Boolean
- Whether the macro will be enabled. Default true.
- event
Extraction StringRule Id - name String
- Name of the Event Extraction Rule.
- query String
- Log query used to extract events.
Supporting Types
EventExtractionRuleConfiguration, EventExtractionRuleConfigurationArgs
- Field
Name string - The name of the field (e.g., eventType, eventName).
- Value
Source string - The source value for the field.
- Mapping
Type string - The mapping type for the field. Defaults to 'HardCoded'.
- Field
Name string - The name of the field (e.g., eventType, eventName).
- Value
Source string - The source value for the field.
- Mapping
Type string - The mapping type for the field. Defaults to 'HardCoded'.
- field
Name String - The name of the field (e.g., eventType, eventName).
- value
Source String - The source value for the field.
- mapping
Type String - The mapping type for the field. Defaults to 'HardCoded'.
- field
Name string - The name of the field (e.g., eventType, eventName).
- value
Source string - The source value for the field.
- mapping
Type string - The mapping type for the field. Defaults to 'HardCoded'.
- field_
name str - The name of the field (e.g., eventType, eventName).
- value_
source str - The source value for the field.
- mapping_
type str - The mapping type for the field. Defaults to 'HardCoded'.
- field
Name String - The name of the field (e.g., eventType, eventName).
- value
Source String - The source value for the field.
- mapping
Type String - The mapping type for the field. Defaults to 'HardCoded'.
EventExtractionRuleCorrelationExpression, EventExtractionRuleCorrelationExpressionArgs
- Event
Field stringName - Query
Field stringName - String
Matching stringAlgorithm
- Event
Field stringName - Query
Field stringName - String
Matching stringAlgorithm
- event
Field StringName - query
Field StringName - string
Matching StringAlgorithm
- event
Field stringName - query
Field stringName - string
Matching stringAlgorithm
- event
Field StringName - query
Field StringName - string
Matching StringAlgorithm
Package Details
- Repository
- Sumo Logic sumologic/terraform-provider-sumologic
- License
- Notes
- This Pulumi package is based on the
sumologicTerraform Provider.
Viewing docs for sumologic 3.2.5
published on Thursday, Mar 26, 2026 by sumologic
published on Thursday, Mar 26, 2026 by sumologic
