UnifiedAgentAuditdParser

class oci.logging.models.UnifiedAgentAuditdParser(**kwargs)

Bases: oci.logging.models.unified_agent_parser.UnifiedAgentParser

auditd parser.

Attributes

PARSER_TYPE_APACHE2 str(object=’’) -> str
PARSER_TYPE_APACHE_ERROR str(object=’’) -> str
PARSER_TYPE_AUDITD str(object=’’) -> str
PARSER_TYPE_CRI str(object=’’) -> str
PARSER_TYPE_CSV str(object=’’) -> str
PARSER_TYPE_GROK str(object=’’) -> str
PARSER_TYPE_JSON str(object=’’) -> str
PARSER_TYPE_MSGPACK str(object=’’) -> str
PARSER_TYPE_MULTILINE str(object=’’) -> str
PARSER_TYPE_MULTILINE_GROK str(object=’’) -> str
PARSER_TYPE_NONE str(object=’’) -> str
PARSER_TYPE_OPENMETRICS str(object=’’) -> str
PARSER_TYPE_REGEXP str(object=’’) -> str
PARSER_TYPE_SYSLOG str(object=’’) -> str
PARSER_TYPE_TSV str(object=’’) -> str
field_time_key Gets the field_time_key of this UnifiedAgentParser.
is_estimate_current_event Gets the is_estimate_current_event of this UnifiedAgentParser.
is_keep_time_key Gets the is_keep_time_key of this UnifiedAgentParser.
is_null_empty_string Gets the is_null_empty_string of this UnifiedAgentParser.
null_value_pattern Gets the null_value_pattern of this UnifiedAgentParser.
parser_type [Required] Gets the parser_type of this UnifiedAgentParser.
timeout_in_milliseconds Gets the timeout_in_milliseconds of this UnifiedAgentParser.
types Gets the types of this UnifiedAgentParser.

Methods

__init__(**kwargs) Initializes a new UnifiedAgentAuditdParser object with values from keyword arguments.
get_subtype(object_dictionary) Given the hash representation of a subtype of this class, use the info in the hash to return the class of the subtype.
PARSER_TYPE_APACHE2 = 'APACHE2'
PARSER_TYPE_APACHE_ERROR = 'APACHE_ERROR'
PARSER_TYPE_AUDITD = 'AUDITD'
PARSER_TYPE_CRI = 'CRI'
PARSER_TYPE_CSV = 'CSV'
PARSER_TYPE_GROK = 'GROK'
PARSER_TYPE_JSON = 'JSON'
PARSER_TYPE_MSGPACK = 'MSGPACK'
PARSER_TYPE_MULTILINE = 'MULTILINE'
PARSER_TYPE_MULTILINE_GROK = 'MULTILINE_GROK'
PARSER_TYPE_NONE = 'NONE'
PARSER_TYPE_OPENMETRICS = 'OPENMETRICS'
PARSER_TYPE_REGEXP = 'REGEXP'
PARSER_TYPE_SYSLOG = 'SYSLOG'
PARSER_TYPE_TSV = 'TSV'
__init__(**kwargs)

Initializes a new UnifiedAgentAuditdParser object with values from keyword arguments. The default value of the parser_type attribute of this class is AUDITD and it should not be changed. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:
  • parser_type (str) – The value to assign to the parser_type property of this UnifiedAgentAuditdParser. Allowed values for this property are: “AUDITD”, “CRI”, “JSON”, “TSV”, “CSV”, “NONE”, “SYSLOG”, “APACHE2”, “APACHE_ERROR”, “MSGPACK”, “REGEXP”, “MULTILINE”, “GROK”, “MULTILINE_GROK”, “OPENMETRICS”
  • field_time_key (str) – The value to assign to the field_time_key property of this UnifiedAgentAuditdParser.
  • types (dict(str, str)) – The value to assign to the types property of this UnifiedAgentAuditdParser.
  • null_value_pattern (str) – The value to assign to the null_value_pattern property of this UnifiedAgentAuditdParser.
  • is_null_empty_string (bool) – The value to assign to the is_null_empty_string property of this UnifiedAgentAuditdParser.
  • is_estimate_current_event (bool) – The value to assign to the is_estimate_current_event property of this UnifiedAgentAuditdParser.
  • is_keep_time_key (bool) – The value to assign to the is_keep_time_key property of this UnifiedAgentAuditdParser.
  • timeout_in_milliseconds (int) – The value to assign to the timeout_in_milliseconds property of this UnifiedAgentAuditdParser.
field_time_key

Gets the field_time_key of this UnifiedAgentParser. Specifies the time field for the event time. If the event doesn’t have this field, the current time is used.

Returns:The field_time_key of this UnifiedAgentParser.
Return type:str
static get_subtype(object_dictionary)

Given the hash representation of a subtype of this class, use the info in the hash to return the class of the subtype.

is_estimate_current_event

Gets the is_estimate_current_event of this UnifiedAgentParser. If true, use Fluent::EventTime.now(current time) as a timestamp when the time_key is specified.

Returns:The is_estimate_current_event of this UnifiedAgentParser.
Return type:bool
is_keep_time_key

Gets the is_keep_time_key of this UnifiedAgentParser. If true, keep the time field in the record.

Returns:The is_keep_time_key of this UnifiedAgentParser.
Return type:bool
is_null_empty_string

Gets the is_null_empty_string of this UnifiedAgentParser. If true, an empty string field is replaced with a null value.

Returns:The is_null_empty_string of this UnifiedAgentParser.
Return type:bool
null_value_pattern

Gets the null_value_pattern of this UnifiedAgentParser. Specify the null value pattern.

Returns:The null_value_pattern of this UnifiedAgentParser.
Return type:str
parser_type

[Required] Gets the parser_type of this UnifiedAgentParser. Type of fluent parser.

Allowed values for this property are: “AUDITD”, “CRI”, “JSON”, “TSV”, “CSV”, “NONE”, “SYSLOG”, “APACHE2”, “APACHE_ERROR”, “MSGPACK”, “REGEXP”, “MULTILINE”, “GROK”, “MULTILINE_GROK”, “OPENMETRICS”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:The parser_type of this UnifiedAgentParser.
Return type:str
timeout_in_milliseconds

Gets the timeout_in_milliseconds of this UnifiedAgentParser. Specify the timeout for parse processing. This is mainly for detecting an incorrect regexp pattern.

Returns:The timeout_in_milliseconds of this UnifiedAgentParser.
Return type:int
types

Gets the types of this UnifiedAgentParser. Specify types for converting a field into another type. For example,

With this configuration:
<parse>
@type csv keys time,host,req_id,user time_key time

</parse>

This incoming event:
“2013/02/28 12:00:00,192.168.0.1,111,-”
is parsed as:

1362020400 (2013/02/28/ 12:00:00)

record: {

“host” : “192.168.0.1”, “req_id” : “111”, “user” : “-”

}

Returns:The types of this UnifiedAgentParser.
Return type:dict(str, str)