sonar-batch-rules
Enumerate batch rules in Logpresso Sonar.
sonar-batch-rules [keywords=KEYWORD] [enabled=t|f]
- keywords=KEYWORD
- Optional. Search term for filtering rule names
- enabled=t|f
- Optional. Filter by enabled status
Output Fields
| Field | Type | Name | Description |
|---|---|---|---|
| id | Integer | ID | Batch rule ID |
| guid | String | GUID | Batch rule GUID |
| name | String | Name | Batch rule name |
| description | String | Description | Batch rule description |
| priority | String | Priority | One of LOW, MEDIUM, HIGH |
| enabled | Boolean | Enabled | Whether the rule is active |
| msg | String | Message template | Message template. Macro in the $field format available |
| schedule | String | Schedule | CRON schedule format |
| duration | Integer | Duration | Time window of the data to be analyzed in seconds |
| datetrunc | Integer | Date truncation | Date truncation unit in seconds |
| dataset_guid | String | Dataset GUID | Dataset GUID |
| dataset_name | String | Dataset name | Dataset name |
| query | String | Query | Batch query string |
| category_name | String | Category name | Batch rule category name |
| category_guid | String | Category GUID | Batch rule category GUID |
| ticket_repo_guid | String | Ticket repository GUID | Ticket repository GUID |
| suppress_key | String | Suppression key | Suppression key. Macro in the $field format available |
| event_suppress_interval | Integer | Event suppression period | Suppression period for duplicated event in seconds |
| ticket_suppress_interval | Integer | Ticket suppression period | Suppression period for duplicated ticket in seconds |
| keep_alive | Boolean | Keep alive | Whether suppression timer persists across ticket completion |
| ticket_assignee_names | List | Ticket assignee names | List of ticket assignee names |
| ticket_assignee_guids | List | Ticket assignee GUIDs | List of ticket assignee GUIDs |
| alarm_group_guid | String | Alarm group GUID | Alarm group GUID |
| alarm_group_name | String | Alarm group name | Alarm group name |
| address_group_guid | String | Address group GUID | Address group GUID |
| address_field | String | Address field | Target fields to add to the address group |
| blacklist_expire_minute | Integer | Blacklist expiration | Blacklist expiration time in minutes |
| field_order | List | Field order | Evidence file output order. Comma-separated list of field names. |
| employee_key_field | String | Employee key field | Employee number field. Typically using a normalized emp_key field. |
| auditor_guid | String | Auditor GUID | Auditor identifier. If not specified, the department head is assigned as default |
| auditor_name | String | Auditor name | Auditor name. If not specified, the department head is assigned as default |
| audit_days | Integer | Audit due date | Audit due date (days) |
| audit_category_name | String | Audit category name | Audit category name |
| audit_category_guid | String | Audit category GUID | Audit category GUID |
| user_note | String | User note | Audit request details |
| user_guid | String | User GUID | Creator's user GUID |
| user_name | String | User name | Creator's user name |
| app_code | String | App code | App identifier |
| app_built_in | Boolean | App object | Batch rule object included in app |
| created | Date | Created | Date and time of creation |
| updated | Date | Updated | Date and time of last modification |