Help Center/ Log Tank Service/ API Reference/ APIs/ Log Ingestion/ Modifying a Log Ingestion Configuration
Updated on 2024-10-28 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Modifying a Log Ingestion Configuration

Function

This API is usde to modify a log ingestion configuration.

Calling Method

For details, see Calling APIs.

URI

PUT /v3/{project_id}/lts/access-config

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain a project ID, see Obtaining the Account Tenant ID, Project Resource Set ID, Log Group ID, and Log Stream ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token obtained from IAM. For details about how to obtain a user token, see Obtaining a User Token.

Content-Type

Yes

String

Set this parameter to application/json;charset=UTF-8.
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

access_config_id

Yes

String

Ingestion configuration ID.

access_config_detail

No

AccessConfigDeatilUpdate object

Ingestion configuration details.

host_group_info

No

AccessConfigHostGroupIdList object

Host group ID list.

access_config_tag

No

Array of accessConfigTag objects

Tag information. A tag key must be unique. Up to 20 tags are supported.

log_split

No

Boolean

Log splitting.

binary_collect

No

Boolean

Binary collection.

cluster_id

No

String

CCE cluster ID. This parameter is mandatory for the CCE type.

incremental_collect

No

Boolean

Whether to perform incremental collection. true indicates incremental collection and false indicates full collection.

encoding_format

No

String

Encoding format. The default format is UTF-8.

processor_type

No

String

IC structuring parsing type.

demo_log

No

String

Example log.

demo_fields

No

Array of DemoFieldAccess objects

Example log parsing field.

processors

No

Array of Processor objects

IC structuring parser.

application_id

No

String

ServiceStage application ID.

environment_id

No

String

ServiceStage environment ID.

component_id

No

Array of strings

ServiceStage component ID.
Table 4 AccessConfigDeatilUpdate

Parameter

Mandatory

Type

Description

paths

No

Array of strings

  1. The path must start with a slash (/) or a letter:.

  2. The value cannot contain special characters <>'| "and cannot contain only slashes (/).

  3. The level-1 directory does not support wildcard characters () and cannot start with /** /.

  4. Only one double asterisk (**) can be contained in a path.

  5. The maximum number is 10.

black_paths

No

Array of strings

  1. The path must start with a slash (/) or a letter:.

  2. The value cannot contain special characters <>'| "and cannot contain only slashes (/).

  3. The level-1 directory does not support wildcard characters () and cannot start with /** /.

  4. Only one double asterisk (**) can be contained in a path.

  5. The maximum number is 10.

format

No

AccessConfigFormatUpdate object

Log format. Set it to either single or multi.

windows_log_info

No

AccessConfigWindowsLogInfoUpdate object

Windows event logs. To stop collecting Windows event logs, leave this parameter to empty.

stdout

No

Boolean

Standard output switch. This parameter is used only when the CCE ingestion type is used.

stderr

No

Boolean

Standard output error switch. This parameter is used only when the CCE ingestion type is used.

pathType

No

String

CCE ingestion type. This parameter is used only when the CCE ingestion type is used.

namespaceRegex

No

String

Regular expression matching of Kubernetes namespaces. This parameter is used only when the CCE ingestion type is used.

podNameRegex

No

String

Regular expression matching of the Kubernetes container name. This parameter is used only when the CCE ingestion type is used.

containerNameRegex

No

String

Regular expression matching of the Kubernetes container name. This parameter is used only when the CCE ingestion type is used.

includeLabels

No

Map<String,String>

Container label whitelist. A maximum of 30 container labels can be created. The key names must be unique. This parameter is used only when the access type is CCE.

excludeLabels

No

Map<String,String>

Container label blacklist. A maximum of 30 container labels can be created. The key names must be unique. This parameter is used only when the CCE access type is used.

includeEnvs

No

Map<String,String>

Environment variable whitelist. A maximum of 30 environment variable whitelists can be created. Key names must be unique. This parameter is used only when the access type is CCE.

excludeEnvs

No

Map<String,String>

Environment variable blacklist. A maximum of 30 environment variables can be created. The key names must be unique. This parameter is used only when the CCE access type is used.

logLabels

No

Map<String,String>

Environment variable log tag. A maximum of 30 tags can be created. The key name must be unique. This parameter is used only when the access type is CCE.

logEnvs

No

Map<String,String>

Environment variable log tag. A maximum of 30 tags can be created. The key name must be unique. This parameter is used only when the access type is CCE.

includeK8sLabels

No

Map<String,String>

Specifies the Kubernetes label whitelist. A maximum of 30 Kubernetes label whitelists can be created. The key names must be unique. This parameter is used only when the access type is CCE.

excludeK8sLabels

No

Map<String,String>

Specifies the Kubernetes label blacklist. A maximum of 30 Kubernetes label blacklists can be created. The key names must be unique. This parameter is used only when the CCE access type is used.

logK8s

No

Map<String,String>

Specifies the Kubernetes label. A maximum of 30 Kubernetes labels can be created. The key names must be unique. This parameter is used only when the access type is CCE.
Table 5 AccessConfigFormatUpdate

Parameter

Mandatory

Type

Description

single

No

AccessConfigFormatSingle object

Single-line logs.

multi

No

AccessConfigFormatMutil object

Multi-line logs.
Table 6 AccessConfigFormatSingle

Parameter

Mandatory

Type

Description

mode

Yes

String

Single-line logs. system indicates the system time, whereas wildcard indicates the time wildcard.

value

Yes

String

Log time.If mode is system, the value is the current timestamp.If mode is wildcard, the value is a time wildcard, which is used by ICAgent to look for the log printing time as the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 7 AccessConfigFormatMutil

Parameter

Mandatory

Type

Description

mode

Yes

String

Single-line logs. time indicates a time wildcard is used to detect log boundaries, whereas regular indicates that a regular expression is used.

value

Yes

String

Log time.If mode is regular, the value is a regular expression.If mode is time, the value is a time wildcard, which is used by ICAgent to look for the log printing time as the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 8 AccessConfigWindowsLogInfoUpdate

Parameter

Mandatory

Type

Description

categorys

No

Array of strings

The type of Windows event logs to be collected. Application: application system; System: system; Security: security; Setup: startup

time_offset

No

AccessConfigTimeOffset object

Time offset.

event_level

No

Array of strings

Event level. information, warning, error, critical, verbose.
Table 9 AccessConfigTimeOffset

Parameter

Mandatory

Type

Description

offset

Yes

Long

Time offset.

When unit is day, the value ranges from 1 to 7.

When unit is hour, the value ranges from 1 to 168.

When unit is sec, the value ranges from 1 to 604800.

unit

Yes

String

Unit of the time offset. day, hour, sec.
Table 10 AccessConfigHostGroupIdList

Parameter

Mandatory

Type

Description

host_group_id_list

Yes

Array of strings

List of host group IDs.
Table 11 accessConfigTag

Parameter

Mandatory

Type

Description

key

No

String

Tag key.

value

No

String

Tag value.
Table 12 DemoFieldAccess

Parameter

Mandatory

Type

Description

field_name

No

String

Field name, which must be the same as that in keys.

field_value

No

String

Field value.
Table 13 Processor

Parameter

Mandatory

Type

Description

type

No

String

Parser type. The value can be processor_regex (regular expression), processor_split_string (delimiter), processor_json (JSON parser), processor_gotime (custom time type), processor_filter_regex (log filtering), processor_drop (type of a deleted field), and processor_rename (type of a deleted field).

detail

No

Detail object

Parser configuration.
Table 14 Detail

Parameter

Mandatory

Type

Description

source_key

No

String

Custom time key field name.

regex

No

String

Regular expression for parsing. This field is required for a single-line completely regular expression or a multi-line completely regular expression.

keys

No

Array of strings

Field name list, which is consistent with the field_name field.

multi_line_regex

No

String

First line regular expression.

keep_source

No

Boolean

Whether to upload raw logs.

keep_source_if_parse_error

No

Boolean

Whether to upload logs that fail to be parsed.

split_sep

No

String

Delimiter. The maximum length of a custom delimiter is 10 characters, and the maximum length of a custom string is 30 characters.

split_type

No

String

Delimiter type. The value can be char (custom character), special_char (invisible character), or string (custom string).

fields

No

Map<String,String>

List of added fields, in [/topic/body/section/table/tgroup/tbody/row/entry/p/br {""}) (br] format.

drop_keys

No

Array of strings

List of deleted fields.

source_keys

No

Array of strings

List of source field names for renaming fields.

dest_keys

No

Array of strings

List of field names that are renamed and replaced.

expand_depth

No

Integer

JSON parsing depth. The value ranges from 1 (default) to 4.

expand_connector

No

String

JSON parsing field name connector.

source_format

No

String

Custom time format.

source_value

No

String

Custom time field value.

set_time

No

Boolean

Whether to enable the custom time function.

include

No

Map<String,String>

A key of a log filtering whitelist rule can contain up to 256 characters, and a value can contain up to 128 characters. A key must be unique.

exclude

No

Map<String,String>

A key of a log filtering whitelist rule can contain up to 256 characters, and a value can contain up to 128 characters. A key must be unique.

Response Parameters

Status code: 200

Table 15 Response body parameters

Parameter

Type

Description

access_config_id

String

Ingestion configuration ID.

access_config_name

String

Ingestion configuration name.

access_config_type

String

Ingestion configuration type. The value AGENT indicates host log ingestion.

create_time

Long

Creation time.

access_config_detail

AccessConfigDeatilCreate object

Ingestion configuration details.

log_info

AccessConfigQueryLogInfo object

Log details.

host_group_info

AccessConfigHostGroupIdList object

Host group ID list.

access_config_tag

Array of accessConfigTag objects

Tag information. A tag key must be unique. Up to 20 tags are supported.

log_split

Boolean

Log splitting.

binary_collect

Boolean

Binary collection.

cluster_id

String

CCE cluster ID

encoding_format

String

Encoding format. The default format is UTF-8.

incremental_collect

Boolean

Collection policy. The value can be incremental or full.

processor_type

String

IC structuring parsing type.

demo_log

String

Example log.

demo_fields

Array of DemoFieldAccess objects

Example log parsing field.

processors

Array of Processor objects

IC structuring parser.

application_id

String

ServiceStage application ID.

environment_id

String

ServiceStage environment ID.

component_id

Array of strings

ServiceStage component ID.
Table 16 AccessConfigDeatilCreate

Parameter

Type

Description

paths

Array of strings

Collection paths.

  1. The path must start with a slash (/) or Letter:\.

  2. A path cannot contain only slashes (/). The following special characters are not allowed: <>'|".

  3. A path cannot start with /** or /*.

  4. Only one double asterisk (**) can be contained in a path.

    The container path and host path are mandatory for the CCE type and are not mandatory for the standard output.

black_paths

Array of strings

Collection path blacklist.

  1. The path must start with a slash (/) or Letter:\.

  2. A path cannot contain only slashes (/). The following special characters are not allowed: <>'|".

  3. A path cannot start with /** or /*.

  4. Only one double asterisk (**) can be contained in a path.

format

AccessConfigFormatCreate object

Log format. Set it to either single or multi.

windows_log_info

AccessConfigWindowsLogInfoCreate object

Windows event logs.

stdout

Boolean

Standard output switch. This parameter is used only when logs are collected from CCE.

stderr

Boolean

Standard error switch. This parameter is used only when logs are collected from CCE.

pathType

String

Log collection from CCE. This parameter is used only when logs are collected from CCE.

namespaceRegex

String

Regular expression matching of Kubernetes namespaces. This parameter is used only when logs are collected from CCE.

podNameRegex

String

Regular expression matching of Kubernetes pods. This parameter is used only when logs are collected from CCE.

containerNameRegex

String

Regular expression matching of Kubernetes container names. This parameter is used only when logs are collected from CCE.

includeLabels

Map<String,String>

Container label trustlist. A maximum of 30 container labels can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

excludeLabels

Map<String,String>

Container label blocklist. A maximum of 30 container labels can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

includeEnvs

Map<String,String>

Environment variable trustlist. A maximum of 30 environment variable whitelists can be created. Key names must be unique. This parameter is used only when logs are collected from CCE.

excludeEnvs

Map<String,String>

Environment variable blocklist. A maximum of 30 environment variables can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

logLabels

Map<String,String>

Container label log tag. A maximum of 30 tags can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

logEnvs

Map<String,String>

Environment variable log tag. A maximum of 30 tags can be created. The key name must be unique. This parameter is used only when logs are collected from CCE.

includeK8sLabels

Map<String,String>

Kubernetes label trustlist. A maximum of 30 whitelists can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

excludeK8sLabels

Map<String,String>

Kubernetes label blocklist. A maximum of 30 blocklists can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

logK8s

Map<String,String>

Kubernetes label log tag. A maximum of 30 tags can be created. The key names must be unique. This parameter is used only when logs are collected from CCE.

repeat_collect

Boolean

Forcible repeated collection.
Table 17 AccessConfigFormatCreate

Parameter

Type

Description

single

AccessConfigFormatSingleCreate object

Single-line logs.

multi

AccessConfigFormatMutilCreate object

Multi-line logs.
Table 18 AccessConfigFormatSingleCreate

Parameter

Type

Description

mode

String

Single-line logs. system indicates the system time, whereas wildcard indicates the time wildcard.

value

String

Log time.If mode is system, the value is the current timestamp.If mode is wildcard, the value is a time wildcard, which is used by ICAgent to look for the log printing time as the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 19 AccessConfigFormatMutilCreate

Parameter

Type

Description

mode

String

Single-line logs. time indicates a time wildcard is used to detect log boundaries, whereas regular indicates that a regular expression is used.

value

String

Log time.If mode is regular, the value is a regular expression.If mode is time, the value is a time wildcard, which is used by ICAgent to look for the log printing time as the beginning of a log event. If the time format in a log event is 2019-01-01 23:59:59, the time wildcard is YYYY-MM-DD hh:mm:ss. If the time format in a log event is 19-1-1 23:59:59, the time wildcard is YY-M-D hh:mm:ss.
Table 20 AccessConfigWindowsLogInfoCreate

Parameter

Type

Description

categorys

Array of strings

The type of Windows event logs to be collected. Application: application system; System: system; Security: security; Setup: startup

time_offset

AccessConfigTimeOffset object

Time offset.

event_level

Array of strings

Event level. information, warning, error, critical, verbose.
Table 21 AccessConfigTimeOffset

Parameter

Type

Description

offset

Long

Time offset.

When unit is day, the value ranges from 1 to 7.

When unit is hour, the value ranges from 1 to 168.

When unit is sec, the value ranges from 1 to 604800.

unit

String

Unit of the time offset. day, hour, sec.
Table 22 AccessConfigQueryLogInfo

Parameter

Type

Description

log_group_id

String

Log group ID.

log_stream_id

String

Log stream ID.

log_group_name

String

Log group name.

log_stream_name

String

Log stream name.
Table 23 AccessConfigHostGroupIdList

Parameter

Type

Description

host_group_id_list

Array of strings

List of host group IDs.
Table 24 accessConfigTag

Parameter

Type

Description

key

String

Tag key.

value

String

Tag value.
Table 25 DemoFieldAccess

Parameter

Type

Description

field_name

String

Field name, which must be the same as that in keys.

field_value

String

Field value.
Table 26 Processor

Parameter

Type

Description

type

String

Parser type. The value can be processor_regex (regular expression), processor_split_string (delimiter), processor_json (JSON parser), processor_gotime (custom time type), processor_filter_regex (log filtering), processor_drop (type of a deleted field), and processor_rename (type of a deleted field).

detail

Detail object

Parser configuration.
Table 27 Detail

Parameter

Type

Description

source_key

String

Custom time key field name.

regex

String

Regular expression for parsing. This field is required for a single-line completely regular expression or a multi-line completely regular expression.

keys

Array of strings

Field name list, which is consistent with the field_name field.

multi_line_regex

String

First line regular expression.

keep_source

Boolean

Whether to upload raw logs.

keep_source_if_parse_error

Boolean

Whether to upload logs that fail to be parsed.

split_sep

String

Delimiter. The maximum length of a custom delimiter is 10 characters, and the maximum length of a custom string is 30 characters.

split_type

String

Delimiter type. The value can be char (custom character), special_char (invisible character), or string (custom string).

fields

Map<String,String>

List of added fields, in [/topic/body/section/table/tgroup/tbody/row/entry/p/br {""}) (br] format.

drop_keys

Array of strings

List of deleted fields.

source_keys

Array of strings

List of source field names for renaming fields.

dest_keys

Array of strings

List of field names that are renamed and replaced.

expand_depth

Integer

JSON parsing depth. The value ranges from 1 (default) to 4.

expand_connector

String

JSON parsing field name connector.

source_format

String

Custom time format.

source_value

String

Custom time field value.

set_time

Boolean

Whether to enable the custom time function.

include

Map<String,String>

A key of a log filtering whitelist rule can contain up to 256 characters, and a value can contain up to 128 characters. A key must be unique.

exclude

Map<String,String>

A key of a log filtering whitelist rule can contain up to 256 characters, and a value can contain up to 128 characters. A key must be unique.

Status code: 400

Table 28 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error description

Status code: 500

Table 29 Response body parameters

Parameter

Type

Description

error_code

String

Error code

error_msg

String

Error description

Example Requests

Modifying a Log Ingestion Configuration (for ECS)

PUT https://{endpoint}/v3/{project_id}/lts/access-config

{
  "access_config_id" : "ed90802a-8475-4702-955e-e3ee16a5dde9",
  "access_config_detail" : {
    "paths" : [ "/test/222", "/test/111" ],
    "black_paths" : [ ],
    "format" : {
      "multi" : {
        "mode" : "regular",
        "value" : "aaaa"
      }
    },
    "windows_log_info" : {
      "categorys" : [ "Application", "System" ],
      "time_offset" : {
        "offset" : 7,
        "unit" : "day"
      },
      "event_level" : [ "information", "warning", "error", "critical", "verbose" ]
    }
  },
  "host_group_info" : {
    "host_group_id_list" : [ "de4dbed4-a3bc-4877-a7ee-096a2a63e036" ]
  },
  "access_config_tag" : [ {
    "key" : "xxx",
    "value" : "xxx"
  }, {
    "key" : "xxx1",
    "value" : "xxx1"
  } ]
}

Example Responses

Status code: 200

Ingestion configuration modified.

{
  "access_config_detail" : {
    "black_paths" : [ "/wjy/hei/tesxxx", "/wjy/hei/tesxxx" ],
    "format" : {
      "single" : {
        "mode" : "wildcard",
        "value" : "1111"
      }
    },
    "paths" : [ "/wjy/tesxxx" ],
    "windows_log_info" : {
      "categorys" : [ "System", "Application", "Security", "Setup" ],
      "event_level" : [ "information", "warning", "error", "critical", "verbose" ],
      "time_offset" : {
        "offset" : 168,
        "unit" : "hour"
      }
    }
  },
  "access_config_id" : "aa58d29e-21a9-4761-ba16-8cxxxxd",
  "access_config_name" : "CollectionWjy_xxxxt2",
  "access_config_tag" : [ {
    "key" : "xxx",
    "value" : "xxx"
  }, {
    "key" : "xxx1",
    "value" : "xxx1"
  } ],
  "access_config_type" : "AGENT",
  "create_time" : 163504332654,
  "host_group_info" : {
    "host_group_id_list" : [ "de4dbed4-a3bc-4877-a7ee-09xxxxxx" ]
  },
  "log_info" : {
    "log_group_id" : "9a7e2183-2d6d-4732-9axxxxx49e0",
    "log_group_name" : "lts-groupxxxa",
    "log_stream_id" : "c4de0538-53e6-41fd-b951-xxxx8d7",
    "log_stream_name" : "lts-topixxx"
  }
}

Status code: 400

Invalid request. Modify the request based on the description in error_msg before a retry.

{
  "error_code" : "LTS.1807",
  "error_msg" : "Invalid access config id"
}

Status code: 500

The server has received the request but encountered an internal error.

{
  "error_code" : "LTS.0010",
  "error_msg" : "The system encountered an internal error"
}

Status Codes

Status Code

Description

200

Ingestion configuration modified.

400

Invalid request. Modify the request based on the description in error_msg before a retry.

500

The server has received the request but encountered an internal error.

Error Codes

See Error Codes.

Parent Topic: Log Ingestion