Patterns search API

Basic API response format

Endpoints

Note: params with ‘*’ suffix are required.

POST job/submit

Main method to run a patterns search job.

Source and sink types:

| Name | Type | Description |
|------|------|-------------|
| source* | Enum | Type of source to read data from. Possible values: jdbc, kafka |
| sink* | Enum | Type of sink to write incidents to. Possible values: jdbc, kafka (beta) |

URL parameters:

| Name | Type | Description | Default |
|------|------|-------------|---------|
| run_async | Boolean | Whether to preserve the connection (and send back all errors) for the whole life of the request | false |

Body parameters:

| Name | Type | Description |
|------|------|-------------|
| uuid* | String | Unique ID of the job, for further use in the monitoring API |
| source* | Source | Configuration for the specific source type given in the path parameter source |
| sink* | Sink | Configuration for the specific sink type given in the path parameter sink |
| patterns* | List[Pattern] | Patterns source code to parse and run on the source data |

Response:

Error codes:

| Code | Description |
|------|-------------|
| 4001 | Invalid patterns source code |
| 5000, 5002, 5003 | Most generic errors |
| 4001 | Malformed query field |
| 4002 | Malformed query |
| 4003 | Malformed request content |
| 4005 | Invalid request |

POST patterns/validate

Endpoint for validating the syntax of patterns without actually running them.

Body parameters:

| Name | Type | Description |
|------|------|-------------|
| patterns* | List[Pattern] | Patterns source code to parse |

Response:

On success, returns a list of objects with the following structure:

| Name | Type | Description |
|------|------|-------------|
| pattern | Pattern | The pattern that was checked |
| success | Boolean | True if the pattern syntax is correct, false otherwise |
| context | String | Internal representation of the pattern builder if the pattern is correct, error description otherwise |

Error codes:

| Code | Description |
|------|-------------|
| 4001 | Invalid patterns source code |
| 5000, 5002, 5003 | Most generic errors |
| 4001 | Malformed query field |
| 4002 | Malformed query |
| 4003 | Malformed request content |
| 4005 | Invalid request |