Get Logs Pipeline Configuration

Retrieve the current logs pipeline configuration.

Endpoint

GET /api/pipelines/logs/config

Authentication

This endpoint requires API Key authentication via the Authorization header.

Headers

Authorization: Bearer <YOUR_API_KEY>
Accept: */*

Examples

Basic Request

Get current logs pipeline configuration:

curl -L \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Accept: */*'

Response Example

{
  "ottlRules": [
    {
      "ruleName": "nginx_access_logs",
      "conditions": [
        "workload == \"nginx\" or container_name == \"nginx\""
      ],
      "statements": [
        "set(cache, ExtractGrokPatterns(body, \"^%{IPORHOST:remote_ip} - %{DATA:remote_user} \\[%{HTTPDATE:timestamp}\\] \\\"%{WORD:method} %{DATA:path} HTTP/%{NUMBER:http_version}\\\" %{INT:status} %{INT:body_bytes}\"))",
        "merge_maps(attributes, cache, \"insert\")"
      ],
      "statementsErrorMode": "skip",
      "conditionLogicOperator": "or"
    },
    {
      "ruleName": "json_log_parsing",
      "conditions": [
        "format == \"JSON\""
      ],
      "statements": [
        "set(parsed_json, ParseJSON(body))",
        "merge_maps(attributes, parsed_json, \"insert\")"
      ],
      "statementsErrorMode": "skip",
      "conditionLogicOperator": "and"
    },
    {
      "ruleName": "error_log_enrichment",
      "conditions": [
        "level == \"error\" or level == \"ERROR\""
      ],
      "statements": [
        "set(attributes[\"severity\"], \"high\")",
        "set(attributes[\"needs_attention\"], true)"
      ],
      "statementsErrorMode": "skip",
      "conditionLogicOperator": "or"
    }
  ]
}

For detailed information about configuring and writing OTTL transformations, see:

Log Parsing with OpenTelemetry Pipelines

Last updated 3 months ago