Help Center/ Log Tank Service/ More Documents/ API Reference (Ally Region)/ APIs/ Log Ingestion/ Modifying a Log Ingestion Configuration
Updated on 2026-01-05 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Modifying a Log Ingestion Configuration

Function

This API is used to modify a log ingestion configuration.

URI

PUT /v3/{project_id}/lts/access-config

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain a project ID, see Obtaining the Account Tenant ID, Project Resource Set ID, Log Group ID, and Log Stream ID.

Minimum: 32

Maximum: 32

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token obtained from IAM. For details about how to obtain a user token, see Obtaining a User Token.

Minimum: 1000

Maximum: 2000

Content-Type

Yes

String

Set this parameter to application/json;charset=UTF-8.

Minimum: 30

Maximum: 30
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

access_config_id

Yes

String

Ingestion configuration ID.

Minimum: 36

Maximum: 36

access_config_name

No

String

Ingestion configuration name.

Use only letters, digits, hyphens (-), underscores (_), and periods (.). Do not start with a period or underscore or end with a period. Each name contains a maximum of 64 characters.

access_config_detail

No

AccessConfigDeatilCreate object

Ingestion configuration details.

host_group_info

No

AccessConfigHostGroupIdList object

Host group ID list.

access_config_tag

No

Array of accessConfigTag objects

Tag information. Each tag key must be unique. Up to 20 tags are supported.

log_split

No

Boolean

Log splitting.

binary_collect

No

Boolean

Binary collection.

cluster_id

No

String

CCE cluster ID. This parameter is mandatory for the CCE type.

incremental_collect

No

Boolean

Whether to perform incremental collection. true indicates incremental collection and false indicates full collection.

encoding_format

No

String

Encoding format. The default format is UTF-8.

processor_type

No

String

ICAgent structuring parsing type.

demo_log

No

String

Sample log event.

demo_fields

No

Array of DemoFieldAccess objects

Parsing fields of the sample log event.

processors

No

Array of Processor objects

ICAgent structuring parser.

application_id

No

String

ServiceStage application ID.

environment_id

No

String

ServiceStage environment ID.

component_id

No

Array of strings

ServiceStage component ID.
Table 4 AccessConfigDeatilCreate

Parameter

Mandatory

Type

Description

paths

No

Array of strings

Definition

Collection paths.

  • A path must start with a slash (/) or a letter followed by a colon and a backslash (for example, C:\).

  • A path cannot contain only slashes (/). The following special characters are not allowed: <>'|"

  • A path cannot start with /** or /*.

  • Only one double asterisk (**) can be contained in a path.

  • The container path and host path are mandatory for the CCE type and are not mandatory for the standard output.

black_paths

No

Array of strings

Definition

Collection blacklist paths.

  • A path must start with a slash (/) or a letter followed by a colon and a backslash (for example, C:\).

  • A path cannot contain only slashes (/). The following special characters are not allowed: <>'|"

  • A path cannot start with /** or /*.

  • Only one double asterisk (**) can be contained in a path.

format

Yes

AccessConfigFormatCreate object

Definition

Log format information.

windows_log_info

No

AccessConfigWindowsLogInfoCreate object

Definition

Windows event log information in a log ingestion configuration.

stdout

No

Boolean

Definition

Whether to enable container standard output collection in a CCE application log ingestion configuration.

Range

  • true: Container standard output collection is enabled.

  • false: Container standard output collection is disabled.

stderr

No

Boolean

Definition

Whether to enable container standard error collection in a CCE application log ingestion configuration.

Range

  • true: Container standard error collection is enabled.

  • false: Container standard error collection is disabled.

pathType

No

String

Definition

Data source type. This parameter is available only for CCE application log ingestion.

Range

  • HOST_FILE: node file type

  • CONTAINER_STDOUT: container standard output

  • CONTAINER_FILE: container file path

  • K8S_EVENT: Kubernetes event

namespaceRegex

No

String

Definition

Regular expression used to match Kubernetes namespaces by name. LTS will collect logs from containers within those matched namespaces. To collect logs of all namespaces, leave this parameter empty.

This parameter is available only for CCE application log ingestion.

Range

N/A

podNameRegex

No

String

Definition

Regular expression used to match Kubernetes pods by name. LTS will collect logs from containers within those matched pods. To collect logs of all pods, leave this parameter empty.

This parameter is available only for CCE application log ingestion.

Range

N/A

containerNameRegex

No

String

Definition

Regular expression used to match Kubernetes containers by name. Kubernetes container names are defined in spec.containers. LTS will collect logs from those matched containers. To collect logs of all containers, leave this parameter empty.

This parameter is available only for CCE application log ingestion.

Range

N/A

includeLabels

No

Map<String,String>

Definition

Container label whitelist. When configuring CCE application log ingestion, you can specify containers whose logs are to be collected by adding container label whitelists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their container labels are matched. If LabelValue is not empty, only containers with LabelKey=LabelValue in their container labels are matched. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

excludeLabels

No

Map<String,String>

Definition

Container label blacklist. When configuring CCE application log ingestion, you can specify containers whose logs are not to be collected by adding container label blacklists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their container labels are excluded. If LabelValue is not empty, only containers with LabelKey=LabelValue in their container labels are excluded. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

includeEnvs

No

Map<String,String>

Definition

Environment variable whitelist. When configuring CCE application log ingestion, you can specify containers whose logs are to be collected by adding environment variable whitelists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their environment variables are matched. If LabelValue is not empty, only containers with LabelKey=LabelValue in their environment variables are matched. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

excludeEnvs

No

Map<String,String>

Definition

Environment variable blacklist. When configuring CCE application log ingestion, you can specify containers whose logs are not to be collected by adding environment variable blacklists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their environment variables are excluded. If LabelValue is not empty, only containers with LabelKey=LabelValue in their environment variables are excluded. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

logLabels

No

Map<String,String>

Definition

Container label. When configuring CCE application log ingestion, you can use this parameter to add container label fields to logs. For example, if you set app as the LabelKey and app_alias as the LabelValue, when a container's labels contain app=lts, the field {app_alias:lts} will be added to the logs of that container.

logEnvs

No

Map<String,String>

Definition

Environment variable. When configuring CCE application log ingestion, you can use this parameter to add environment variable fields to logs. For example, if you set app as the environment variable key and app_alias as the value, when the Kubernetes environment variables contain app=lts, {app_alias:lts} will be added to the Kubernetes logs.

includeK8sLabels

No

Map<String,String>

Definition

Kubernetes label whitelist. When configuring CCE application log ingestion, you can specify containers whose logs are to be collected by adding Kubernetes label whitelists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their Kubernetes labels are matched. If LabelValue is not empty, only containers with LabelKey=LabelValue in their Kubernetes labels are matched. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

excludeK8sLabels

No

Map<String,String>

Definition

Kubernetes label blacklist. When configuring CCE application log ingestion, you can specify containers whose logs are not to be collected by adding Kubernetes label blacklists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their Kubernetes labels are excluded. If LabelValue is not empty, only containers with LabelKey=LabelValue in their Kubernetes labels are excluded. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

logK8s

No

Map<String,String>

Definition

Kubernetes label. When configuring CCE application log ingestion, you can use this parameter to add Kubernetes label fields to logs. For example, if you set app as the LabelKey and app_alias as the LabelValue, when a container's labels contain app=lts, the field {app_alias:lts} will be added to the logs of that container.

repeat_collect

No

Boolean

Definition

Whether repeated file collection is allowed.

Range

  • true: One host log file can be collected to multiple log streams.

  • false: Each collection path must be unique. That is, the same log file in the same host cannot be collected to different log streams.

system_fields

No

Array of strings

Definition

System built-in fields. When configuring a log ingestion rule, you can specify system fields to include in the tag data of each log reported. If this parameter is modified, the original configuration will be overwritten.

  • The system fields for host log file collection are hostName, hostId, hostIP, pathFile, hostIPv6, and __host_group__.

The system fields for Kubernetes cluster container log file collection are hostName, hostId, hostIP, pathFile, hostIPv6, clusterId, podName, appName, containerName, nameSpace, __host_group__, serviceID, podIp, clusterName, workloadType, and __image_name__.

custom_key_value

No

Map<String,String>

Definition

Custom key-value pairs. When configuring log ingestion, you can configure up to 20 custom key-value pairs to be included as fields in the tag data of each log reported. If this parameter is modified, the original configuration will be overwritten.

  • Key: Enter up to 128 characters, including letters, digits, underscores (_), and hyphens (-).

  • Value: Enter up to 1,024 characters.

includeLabelsLogical

No

String

Definition

Logic for multiple container label whitelists, which determines how the whitelists are applied. The value can be AND (all whitelists must be met) or OR (default value; any whitelist is met).

Range

  • AND

  • OR

excludeLabelsLogical

No

String

Definition

Logic for multiple container label blacklists, which determines how the blacklists are applied. The value can be AND (all blacklists must be met) or OR (default value; any blacklist is met).

Range

  • AND

  • OR

includeK8sLabelsLogical

No

String

Definition

Logic for multiple Kubernetes label whitelists, which determines how the whitelists are applied. The value can be AND (all whitelists must be met) or OR (default value; any whitelist is met).

Range

  • AND

  • OR

excludeK8sLabelsLogical

No

String

Definition

Logic for multiple Kubernetes label blacklists, which determines how the blacklists are applied. The value can be AND (all blacklists must be met) or OR (default value; any blacklist is met).

Range

  • AND

  • OR

includeEnvsLogical

No

String

Definition

Logic for multiple environment variable whitelists, which determines how the whitelists are applied. The value can be AND (all whitelists must be met) or OR (default value; any whitelist is met).

Range

  • AND

  • OR

excludeEnvsLogical

No

String

Definition

Logic for multiple environment variable blacklists, which determines how the blacklists are applied. The value can be AND (all blacklists must be met) or OR (default value; any blacklist is met).

Range

  • AND

  • OR
Table 5 AccessConfigFormatCreate

Parameter

Mandatory

Type

Description

single

No

AccessConfigFormatSingleCreate object

Single-line logs.

multi

No

AccessConfigFormatMutilCreate object

Multi-line logs.
Table 6 AccessConfigFormatSingleCreate

Parameter

Mandatory

Type

Description

mode

No

String

Single-line logs. system indicates the system time, whereas wildcard indicates the time wildcard.

value

No

String

Log time.If mode is system, the value is the current timestamp.If mode is wildcard, the value is a time wildcard, which is used to match the log printing time displayed at the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 7 AccessConfigFormatMutilCreate

Parameter

Mandatory

Type

Description

mode

No

String

Single-line logs. time indicates a time wildcard is used to detect log boundaries, whereas regular indicates that a regular expression is used.

value

No

String

Log time.If mode is regular, the value is a regular expression.If mode is time, the value is a time wildcard, which is used to match the log printing time displayed at the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 8 AccessConfigWindowsLogInfoCreate

Parameter

Mandatory

Type

Description

categorys

Yes

Array of strings

Type of Windows event logs to be collected.

  • Application: application event logs.

  • System: system event logs.

  • Security: security event logs.

  • Setup: startup event logs.

time_offset

Yes

AccessConfigTimeOffset object

Offset from first collection time.

event_level

Yes

Array of strings

Event level.

  • information: common information events, which do not affect system running.

  • warning: warning events, which may affect system running but do not cause system breakdown.

  • error: error events, which cause system breakdown or prevent the service from running properly.

  • critical: critical events, which may cause system or application failures.

  • verbose: detailed event information, which does not affect the system running.
Table 9 AccessConfigTimeOffset

Parameter

Mandatory

Type

Description

offset

Yes

Long

Time offset.

When unit is day, the value ranges from 1 to 7.

When unit is hour, the value ranges from 1 to 168.

When unit is sec, the value ranges from 1 to 604800.

unit

Yes

String

Unit of the time offset.

  • day

  • hour

  • sec
Table 10 AccessConfigHostGroupIdList

Parameter

Mandatory

Type

Description

host_group_id_list

Yes

Array of strings

List of host group IDs.
Table 11 accessConfigTag

Parameter

Mandatory

Type

Description

key

Yes

String

Tag key, which must be unique.

  • A tag key can contain letters, digits, spaces, and special characters (_.:=+-@), but cannot start or end with a space or start with sys.

  • A tag key can contain up to 128 characters.

value

No

String

Tag value.

  • A tag value can contain letters, digits, spaces, and special characters (_.:=+-@).

  • A tag value can contain up to 255 characters.
Table 12 DemoFieldAccess

Parameter

Mandatory

Type

Description

field_name

No

String

Definition

Parsing fields of the sample log event.

Range

N/A

field_value

No

String

Definition

Value of a field in a sample log.

Range

N/A
Table 13 Processor

Parameter

Mandatory

Type

Description

type

No

String

Definition

Structuring parsing type. The values are as follows:

  • processor_regex: regular expression

  • processor_split_string: delimiter

  • processor_json: JSON

  • processor_gotime: custom time type

  • processor_filter_regex: log filtering

  • processor_drop: type of fields to be deleted

  • processor_rename: type of fields to be modified

Range

N/A

detail

No

Detail object

Definition

Structuring parsing configuration information.
Table 14 Detail

Parameter

Mandatory

Type

Description

source_key

No

String

Definition

Original field for storing log content before log structuring parsing. The default value is content.

Range

N/A

regex

No

String

Definition

Regular expression. Regular expression used to match logs.

Range

N/A

keys

No

Array of strings

Definition

Name of an extracted field. Set a corresponding field name for the extracted log content.

multi_line_regex

No

String

Definition

First line regular expression.

Range

N/A

keep_source

No

Boolean

Definition

Whether to upload raw logs.

Range

true: Retain raw logs.

false: Do not retain raw logs.

keep_source_if_parse_error

No

Boolean

Definition

Whether to upload logs that fail to be parsed.

Range

true: Upload logs that fail to be parsed.

false: Do not upload logs that fail to be parsed.

split_sep

No

String

Definition

Delimiters. Set delimiters based on the log content, for example, vertical bar (|).

Range

N/A

split_type

No

String

Definition

Delimiter type. The value can be char (single character), special_char (invisible characters), or string.

Range

N/A

fields

No

Map<String,String>

Definition

Field name and value to be added, in the key-value pair format. You can add multiple key-value pairs.

drop_keys

No

Array of strings

Definition

List of discarded fields.

source_keys

No

Array of strings

Definition

Original field to be renamed.

dest_keys

No

Array of strings

Definition

Renamed field.

expand_depth

No

Integer

Definition

Depth of JSON expansion. The default value is 0, indicating that there is no limit. 1 indicates the one level, and so on.

Range

N/A

expand_connector

No

String

Definition

Connector for JSON expansion. The default value is a period (.).

Range

N/A

source_format

No

String

Definition

Format of the original time.

Range

N/A

source_value

No

String

Definition

Field value of the original time.

Range

N/A

set_time

No

Boolean

Definition

Whether to set the parsed time as the log time.

Range

N/A

include

No

Map<String,String>

Definition

Log filtering whitelist rule, in the format of key-value pairs. Each key indicates a log field and must be unique, with a maximum of 256 characters. The corresponding value is a regular expression that specifies the filtering criteria.

exclude

No

Map<String,String>

Definition

Log filtering blacklist rule, in the format of key-value pairs. Each key indicates a log field and must be unique, with a maximum of 256 characters. The corresponding value is a regular expression that specifies the filtering criteria.

Response Parameters

Status code: 200

Table 15 Response body parameters

Parameter

Type

Description

access_config_id

String

Definition

Log ingestion configuration ID.

Range

N/A

access_config_name

String

Definition

Log ingestion configuration name.

Range

N/A

access_config_type

String

Definition

Log ingestion configuration type.

Range

  • AGENT: ECS text log ingestion.

  • K8S_CCE: CCE application log ingestion.

create_time

Long

Definition

Time when the log ingestion configuration is created.

Range

N/A

access_config_detail

AccessConfigDeatilCreate object

Definition

Log ingestion configuration details.

log_info

AccessConfigQueryLogInfo object

Definition

Log stream details of the log ingestion configuration.

host_group_info

AccessConfigHostGroupIdList object

Definition

Host group ID list of the log ingestion configuration.

access_config_tag

Array of accessConfigTag objects

Definition

Label information of the log ingestion configuration.

log_split

Boolean

Definition

Whether to split logs.

Range

  • true: Split logs.

  • false: Do not split logs.

binary_collect

Boolean

Definition

Whether to collect binary data.

Range

  • true: Collect binary data.

  • false: Do not collect binary data.

cluster_id

String

Definition

CCE cluster ID.

Range

N/A

encoding_format

String

Definition

Encoding format. The default format is UTF-8.

Range

N/A

incremental_collect

Boolean

Definition

Whether to enable incremental collection.

Range

true: Collect new log data.

false: Collect all log data.

processor_type

String

Definition

ICAgent structuring parsing type.

Range

  • SINGLE_LINE

  • MULTI_LINE

  • REGEX

  • MULTI_REGEX

  • SPLIT

  • JSON

  • NGINX

  • COMPOSE

  • ORC

demo_log

String

Definition

Sample log event.

Range

N/A

demo_fields

Array of DemoFieldAccess objects

Definition

Parsing fields of the sample log event.

processors

Array of Processor objects

Definition

ICAgent structuring parser.

log_split_size

Integer

Definition

Size at which to split a log file.

Range

N/A

application_id

String

Definition

ServiceStage application ID.

Range

N/A

environment_id

String

Definition

ServiceStage environment ID.

Range

N/A

component_id

Array of strings

Definition

ServiceStage component ID list.

recursive_depth

Integer

Definition

Maximum recursion depth of a collection path.

Range

N/A

access_config_type_source

String

Definition

Self-built software source of log ingestion.

Range

  • ECS

  • CCE

  • BMS

  • K8S

  • ServiceStageHost

  • ServiceStage
Table 16 AccessConfigDeatilCreate

Parameter

Type

Description

paths

Array of strings

Definition

Collection paths.

  • A path must start with a slash (/) or a letter followed by a colon and a backslash (for example, C:\).

  • A path cannot contain only slashes (/). The following special characters are not allowed: <>'|"

  • A path cannot start with /** or /*.

  • Only one double asterisk (**) can be contained in a path.

  • The container path and host path are mandatory for the CCE type and are not mandatory for the standard output.

black_paths

Array of strings

Definition

Collection blacklist paths.

  • A path must start with a slash (/) or a letter followed by a colon and a backslash (for example, C:\).

  • A path cannot contain only slashes (/). The following special characters are not allowed: <>'|"

  • A path cannot start with /** or /*.

  • Only one double asterisk (**) can be contained in a path.

format

AccessConfigFormatCreate object

Definition

Log format information.

windows_log_info

AccessConfigWindowsLogInfoCreate object

Definition

Windows event log information in a log ingestion configuration.

stdout

Boolean

Definition

Whether to enable container standard output collection in a CCE application log ingestion configuration.

Range

  • true: Container standard output collection is enabled.

  • false: Container standard output collection is disabled.

stderr

Boolean

Definition

Whether to enable container standard error collection in a CCE application log ingestion configuration.

Range

  • true: Container standard error collection is enabled.

  • false: Container standard error collection is disabled.

pathType

String

Definition

Data source type. This parameter is available only for CCE application log ingestion.

Range

  • HOST_FILE: node file type

  • CONTAINER_STDOUT: container standard output

  • CONTAINER_FILE: container file path

  • K8S_EVENT: Kubernetes event

namespaceRegex

String

Definition

Regular expression used to match Kubernetes namespaces by name. LTS will collect logs from containers within those matched namespaces. To collect logs of all namespaces, leave this parameter empty.

This parameter is available only for CCE application log ingestion.

Range

N/A

podNameRegex

String

Definition

Regular expression used to match Kubernetes pods by name. LTS will collect logs from containers within those matched pods. To collect logs of all pods, leave this parameter empty.

This parameter is available only for CCE application log ingestion.

Range

N/A

containerNameRegex

String

Definition

Regular expression used to match Kubernetes containers by name. Kubernetes container names are defined in spec.containers. LTS will collect logs from those matched containers. To collect logs of all containers, leave this parameter empty.

This parameter is available only for CCE application log ingestion.

Range

N/A

includeLabels

Map<String,String>

Definition

Container label whitelist. When configuring CCE application log ingestion, you can specify containers whose logs are to be collected by adding container label whitelists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their container labels are matched. If LabelValue is not empty, only containers with LabelKey=LabelValue in their container labels are matched. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

excludeLabels

Map<String,String>

Definition

Container label blacklist. When configuring CCE application log ingestion, you can specify containers whose logs are not to be collected by adding container label blacklists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their container labels are excluded. If LabelValue is not empty, only containers with LabelKey=LabelValue in their container labels are excluded. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

includeEnvs

Map<String,String>

Definition

Environment variable whitelist. When configuring CCE application log ingestion, you can specify containers whose logs are to be collected by adding environment variable whitelists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their environment variables are matched. If LabelValue is not empty, only containers with LabelKey=LabelValue in their environment variables are matched. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

excludeEnvs

Map<String,String>

Definition

Environment variable blacklist. When configuring CCE application log ingestion, you can specify containers whose logs are not to be collected by adding environment variable blacklists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their environment variables are excluded. If LabelValue is not empty, only containers with LabelKey=LabelValue in their environment variables are excluded. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

logLabels

Map<String,String>

Definition

Container label. When configuring CCE application log ingestion, you can use this parameter to add container label fields to logs. For example, if you set app as the LabelKey and app_alias as the LabelValue, when a container's labels contain app=lts, the field {app_alias:lts} will be added to the logs of that container.

logEnvs

Map<String,String>

Definition

Environment variable. When configuring CCE application log ingestion, you can use this parameter to add environment variable fields to logs. For example, if you set app as the environment variable key and app_alias as the value, when the Kubernetes environment variables contain app=lts, {app_alias:lts} will be added to the Kubernetes logs.

includeK8sLabels

Map<String,String>

Definition

Kubernetes label whitelist. When configuring CCE application log ingestion, you can specify containers whose logs are to be collected by adding Kubernetes label whitelists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their Kubernetes labels are matched. If LabelValue is not empty, only containers with LabelKey=LabelValue in their Kubernetes labels are matched. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

excludeK8sLabels

Map<String,String>

Definition

Kubernetes label blacklist. When configuring CCE application log ingestion, you can specify containers whose logs are not to be collected by adding Kubernetes label blacklists in the format of LabelKey:LabelValue. You can add up to 30 LabelKey:LabelValue pairs.

  • LabelKey: mandatory. It cannot start with a period (.) and can contain a maximum of 128 characters.

  • LabelValue: It can be left blank and can contain a maximum of 512 characters.

If LabelValue is empty, all containers with the specified LabelKey in their Kubernetes labels are excluded. If LabelValue is not empty, only containers with LabelKey=LabelValue in their Kubernetes labels are excluded. LabelKey must be exactly matched, while LabelValue supports regular expression matching.

logK8s

Map<String,String>

Definition

Kubernetes label. When configuring CCE application log ingestion, you can use this parameter to add Kubernetes label fields to logs. For example, if you set app as the LabelKey and app_alias as the LabelValue, when a container's labels contain app=lts, the field {app_alias:lts} will be added to the logs of that container.

repeat_collect

Boolean

Definition

Whether repeated file collection is allowed.

Range

  • true: One host log file can be collected to multiple log streams.

  • false: Each collection path must be unique. That is, the same log file in the same host cannot be collected to different log streams.

system_fields

Array of strings

Definition

System built-in fields. When configuring a log ingestion rule, you can specify system fields to include in the tag data of each log reported. If this parameter is modified, the original configuration will be overwritten.

  • The system fields for host log file collection are hostName, hostId, hostIP, pathFile, hostIPv6, and __host_group__.

The system fields for Kubernetes cluster container log file collection are hostName, hostId, hostIP, pathFile, hostIPv6, clusterId, podName, appName, containerName, nameSpace, __host_group__, serviceID, podIp, clusterName, workloadType, and __image_name__.

custom_key_value

Map<String,String>

Definition

Custom key-value pairs. When configuring log ingestion, you can configure up to 20 custom key-value pairs to be included as fields in the tag data of each log reported. If this parameter is modified, the original configuration will be overwritten.

  • Key: Enter up to 128 characters, including letters, digits, underscores (_), and hyphens (-).

  • Value: Enter up to 1,024 characters.

includeLabelsLogical

String

Definition

Logic for multiple container label whitelists, which determines how the whitelists are applied. The value can be AND (all whitelists must be met) or OR (default value; any whitelist is met).

Range

  • AND

  • OR

excludeLabelsLogical

String

Definition

Logic for multiple container label blacklists, which determines how the blacklists are applied. The value can be AND (all blacklists must be met) or OR (default value; any blacklist is met).

Range

  • AND

  • OR

includeK8sLabelsLogical

String

Definition

Logic for multiple Kubernetes label whitelists, which determines how the whitelists are applied. The value can be AND (all whitelists must be met) or OR (default value; any whitelist is met).

Range

  • AND

  • OR

excludeK8sLabelsLogical

String

Definition

Logic for multiple Kubernetes label blacklists, which determines how the blacklists are applied. The value can be AND (all blacklists must be met) or OR (default value; any blacklist is met).

Range

  • AND

  • OR

includeEnvsLogical

String

Definition

Logic for multiple environment variable whitelists, which determines how the whitelists are applied. The value can be AND (all whitelists must be met) or OR (default value; any whitelist is met).

Range

  • AND

  • OR

excludeEnvsLogical

String

Definition

Logic for multiple environment variable blacklists, which determines how the blacklists are applied. The value can be AND (all blacklists must be met) or OR (default value; any blacklist is met).

Range

  • AND

  • OR
Table 17 AccessConfigFormatCreate

Parameter

Type

Description

single

AccessConfigFormatSingleCreate object

Single-line logs.

multi

AccessConfigFormatMutilCreate object

Multi-line logs.
Table 18 AccessConfigFormatSingleCreate

Parameter

Type

Description

mode

String

Single-line logs. system indicates the system time, whereas wildcard indicates the time wildcard.

value

String

Log time.If mode is system, the value is the current timestamp.If mode is wildcard, the value is a time wildcard, which is used to match the log printing time displayed at the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 19 AccessConfigFormatMutilCreate

Parameter

Type

Description

mode

String

Single-line logs. time indicates a time wildcard is used to detect log boundaries, whereas regular indicates that a regular expression is used.

value

String

Log time.If mode is regular, the value is a regular expression.If mode is time, the value is a time wildcard, which is used to match the log printing time displayed at the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 20 AccessConfigWindowsLogInfoCreate

Parameter

Type

Description

categorys

Array of strings

Type of Windows event logs to be collected.

  • Application: application event logs.

  • System: system event logs.

  • Security: security event logs.

  • Setup: startup event logs.

time_offset

AccessConfigTimeOffset object

Offset from first collection time.

event_level

Array of strings

Event level.

  • information: common information events, which do not affect system running.

  • warning: warning events, which may affect system running but do not cause system breakdown.

  • error: error events, which cause system breakdown or prevent the service from running properly.

  • critical: critical events, which may cause system or application failures.

  • verbose: detailed event information, which does not affect the system running.
Table 21 AccessConfigTimeOffset

Parameter

Type

Description

offset

Long

Time offset.

When unit is day, the value ranges from 1 to 7.

When unit is hour, the value ranges from 1 to 168.

When unit is sec, the value ranges from 1 to 604800.

unit

String

Unit of the time offset.

  • day

  • hour

  • sec
Table 22 AccessConfigQueryLogInfo

Parameter

Type

Description

log_group_id

String

Log group ID.

log_stream_id

String

Log stream ID.

log_group_name

String

Log group name.

log_stream_name

String

Log stream name.

log_group_name_alias

String

Log group alias.

log_stream_name_alias

String

Log stream alias.
Table 23 AccessConfigHostGroupIdList

Parameter

Type

Description

host_group_id_list

Array of strings

List of host group IDs.
Table 24 accessConfigTag

Parameter

Type

Description

key

String

Tag key, which must be unique.

  • A tag key can contain letters, digits, spaces, and special characters (_.:=+-@), but cannot start or end with a space or start with sys.

  • A tag key can contain up to 128 characters.

value

String

Tag value.

  • A tag value can contain letters, digits, spaces, and special characters (_.:=+-@).

  • A tag value can contain up to 255 characters.
Table 25 DemoFieldAccess

Parameter

Type

Description

field_name

String

Definition

Parsing fields of the sample log event.

Range

N/A

field_value

String

Definition

Value of a field in a sample log.

Range

N/A
Table 26 Processor

Parameter

Type

Description

type

String

Definition

Structuring parsing type. The values are as follows:

  • processor_regex: regular expression

  • processor_split_string: delimiter

  • processor_json: JSON

  • processor_gotime: custom time type

  • processor_filter_regex: log filtering

  • processor_drop: type of fields to be deleted

  • processor_rename: type of fields to be modified

Range

N/A

detail

Detail object

Definition

Structuring parsing configuration information.
Table 27 Detail

Parameter

Type

Description

source_key

String

Definition

Original field for storing log content before log structuring parsing. The default value is content.

Range

N/A

regex

String

Definition

Regular expression. Regular expression used to match logs.

Range

N/A

keys

Array of strings

Definition

Name of an extracted field. Set a corresponding field name for the extracted log content.

multi_line_regex

String

Definition

First line regular expression.

Range

N/A

keep_source

Boolean

Definition

Whether to upload raw logs.

Range

true: Retain raw logs.

false: Do not retain raw logs.

keep_source_if_parse_error

Boolean

Definition

Whether to upload logs that fail to be parsed.

Range

true: Upload logs that fail to be parsed.

false: Do not upload logs that fail to be parsed.

split_sep

String

Definition

Delimiters. Set delimiters based on the log content, for example, vertical bar (|).

Range

N/A

split_type

String

Definition

Delimiter type. The value can be char (single character), special_char (invisible characters), or string.

Range

N/A

fields

Map<String,String>

Definition

Field name and value to be added, in the key-value pair format. You can add multiple key-value pairs.

drop_keys

Array of strings

Definition

List of discarded fields.

source_keys

Array of strings

Definition

Original field to be renamed.

dest_keys

Array of strings

Definition

Renamed field.

expand_depth

Integer

Definition

Depth of JSON expansion. The default value is 0, indicating that there is no limit. 1 indicates the one level, and so on.

Range

N/A

expand_connector

String

Definition

Connector for JSON expansion. The default value is a period (.).

Range

N/A

source_format

String

Definition

Format of the original time.

Range

N/A

source_value

String

Definition

Field value of the original time.

Range

N/A

set_time

Boolean

Definition

Whether to set the parsed time as the log time.

Range

N/A

include

Map<String,String>

Definition

Log filtering whitelist rule, in the format of key-value pairs. Each key indicates a log field and must be unique, with a maximum of 256 characters. The corresponding value is a regular expression that specifies the filtering criteria.

exclude

Map<String,String>

Definition

Log filtering blacklist rule, in the format of key-value pairs. Each key indicates a log field and must be unique, with a maximum of 256 characters. The corresponding value is a regular expression that specifies the filtering criteria.

Status code: 400

Table 28 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error description

Status code: 500

Table 29 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error description

Example Requests

Modifying a Log Ingestion Configuration (for ECS)

PUT https://{endpoint}/v3/{project_id}/lts/access-config

{
  "access_config_id" : "ed90802a-8475-4702-955e-e3ee16a5dde9",
  "access_config_detail" : {
    "paths" : [ "/test/222", "/test/111" ],
    "black_paths" : [ ],
    "format" : {
      "multi" : {
        "mode" : "regular",
        "value" : "aaaa"
      }
    },
    "windows_log_info" : {
      "categorys" : [ "Application", "System" ],
      "time_offset" : {
        "offset" : 7,
        "unit" : "day"
      },
      "event_level" : [ "information", "warning", "error", "critical", "verbose" ]
    }
  },
  "host_group_info" : {
    "host_group_id_list" : [ "de4dbed4-a3bc-4877-a7ee-096a2a63e036" ]
  },
  "access_config_tag" : [ {
    "key" : "xxx",
    "value" : "xxx"
  }, {
    "key" : "xxx1",
    "value" : "xxx1"
  } ]
}

Example Responses

Status code: 200

Ingestion configuration modified.

{
  "access_config_detail" : {
    "black_paths" : [ "/wjy/hei/tesxxx", "/wjy/hei/tesxxx" ],
    "format" : {
      "single" : {
        "mode" : "wildcard",
        "value" : "1111"
      }
    },
    "paths" : [ "/wjy/tesxxx" ],
    "windows_log_info" : {
      "categorys" : [ "System", "Application", "Security", "Setup" ],
      "event_level" : [ "information", "warning", "error", "critical", "verbose" ],
      "time_offset" : {
        "offset" : 168,
        "unit" : "hour"
      }
    }
  },
  "access_config_id" : "aa58d29e-21a9-4761-ba16-8cxxxxd",
  "access_config_name" : "CollectionWjy_xxxxt2",
  "access_config_tag" : [ {
    "key" : "xxx",
    "value" : "xxx"
  }, {
    "key" : "xxx1",
    "value" : "xxx1"
  } ],
  "access_config_type" : "AGENT",
  "create_time" : 163504332654,
  "host_group_info" : {
    "host_group_id_list" : [ "de4dbed4-a3bc-4877-a7ee-09xxxxxx" ]
  },
  "log_info" : {
    "log_group_id" : "9a7e2183-2d6d-4732-9axxxxx49e0",
    "log_group_name" : "lts-groupxxxa",
    "log_group_name_alias" : "lts-groupxxxa",
    "log_stream_id" : "c4de0538-53e6-41fd-b951-xxxx8d7",
    "log_stream_name" : "lts-topixxx",
    "log_stream_name_alias" : "lts-topixxx"
  }
}

Status code: 400

Invalid request. Modify the request based on the description in error_msg before a retry.

{
  "error_code" : "LTS.1807",
  "error_msg" : "Invalid access config id"
}

Status code: 500

The server has received the request but encountered an internal error.

{
  "error_code" : "LTS.0010",
  "error_msg" : "The system encountered an internal error"
}

Status Codes

Status Code

Description

200

Ingestion configuration modified.

400

Invalid request. Modify the request based on the description in error_msg before a retry.

500

The server has received the request but encountered an internal error.

Error Codes

See Error Codes.

Parent topic: Log Ingestion