sonar-stream-rules

Enumerate stream rules in Logpresso Sonar.

sonar-stream-rules [keywords=KEYWORDS] [enabled=t|f]

- keywords=KEYWORDS
  - Search term for filtering rule names
- enabled=ENABLED
  - Filter by enabled status (t/f)

Output Fields

| Field | Type | Name | Description | 
|---|---|---|---|
| guid | String | GUID | Rule GUID | 
| name | String | Name | Rule name | 
| description | String | Description | Rule description | 
| priority | String | Priority | Rule priority | 
| enabled | Bool | Enabled | Whether rule is enabled | 
| msg | String | Message | Message template. Macros in the $field format are available | 
| schema_code | String | Schema code | Log schema code | 
| schema_name | String | Schema name | Log schema name | 
| source_type | String | Source type | Rule source type (LOGGER or LOGGER_MODEL) | 
| logger_model_guids | List | Logger model GUIDs | List of logger model identifiers | 
| logger_guids | List | Logger GUIDs | List of logger identifiers | 
| query_string | String | Query string | Complete query string assembled from commands | 
| commands | List | Commands | List of stream rule commands | 
| category_name | String | Category name | Stream rule category name | 
| category_guid | String | Category GUID | Stream rule category GUID | 
| ticket_repo_guid | String | Ticket repository GUID | Ticket repository GUID | 
| suppress_key | String | Suppression key | Suppress key field. Macros in the $field format are available | 
| event_suppress_interval | Integer | Event suppression interval | Suppression period for duplicate events, in seconds | 
| ticket_suppress_interval | Integer | Ticket suppression interval | Suppression period for duplicate tickets, in seconds | 
| keep_alive | Bool | Keep alive | true to keep the timer alive, false to reset it | 
| ticket_assignee_names | List | Ticket assignee names | List of ticket assignee names | 
| ticket_assignee_guids | List | Ticket assignee GUIDs | List of ticket assignee GUIDs | 
| alarm_group_guid | String | Alarm group GUID | Alarm group GUID | 
| alarm_group_name | String | Alarm group name | Alarm group name | 
| address_group_guid | String | Address group GUID | Address group GUID | 
| address_field | String | Address field | Target fields to add to the address group | 
| blacklist_expire_minute | Integer | Blacklist expiration | Blacklist expiration time in minutes | 
| field_order | List | Field order | Evidence file output order. Comma-separated list of field names. | 
| employee_key_field | String | Employee key field | Employee number field. Typically uses a normalized emp_key field. | 
| auditor_guid | String | Auditor GUID | Auditor GUID. If not specified, the department head is assigned by default | 
| auditor_name | String | Auditor name | Auditor name. If not specified, the department head is assigned by default | 
| audit_days | Integer | Audit retention days | Audit due date (days) | 
| audit_category_name | String | Audit category name | Audit category name | 
| audit_category_guid | String | Audit category GUID | Audit category GUID | 
| user_note | String | User note | Audit request details | 
| user_guid | String | User GUID | GUID of the user who creates the stream rule | 
| user_name | String | User name | Name of the user who creates the stream rule | 
| app_code | String | App code | App identifier | 
| app_built_in | Bool | App object | Stream rule object included in app | 
| created | Date | Created | Creation timestamp | 
| updated | Date | Updated | Last modification timestamp | 
