Update Logs Pipeline Configuration
Update the logs pipeline configuration.
Endpoint
POST /api/pipelines/logs/config
Authentication
This endpoint requires API Key authentication via the Authorization header.
Headers
Authorization: Bearer <YOUR_API_KEY>
Content-Type: application/json
Examples
Basic Request
Update logs pipeline configuration with test pattern:
curl -L \
--request POST \
--url 'https://api.groundcover.com/api/pipelines/logs/config' \
--header 'Authorization: Bearer <YOUR_API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"ottlRules": [
{
"ruleName": "test_log_pattern",
"conditions": [
"workload == \"test-app\" or container_name == \"test-container\""
],
"statements": [
"set(cache, ExtractGrokPatterns(body, \"^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}\"))",
"merge_maps(attributes, cache, \"insert\")",
"set(attributes[\"parsed\"], true)"
],
"statementsErrorMode": "skip",
"conditionLogicOperator": "or"
},
{
"ruleName": "json_parsing_test",
"conditions": [
"format == \"JSON\""
],
"statements": [
"set(parsed_json, ParseJSON(body))",
"merge_maps(attributes, parsed_json, \"insert\")"
],
"statementsErrorMode": "skip",
"conditionLogicOperator": "and"
}
]
}'
Response Example
{
"uuid": "59804867-6211-48ed-b34a-1fc33827aca6",
"created_by": "itamar",
"created_timestamp": "2025-08-31T13:33:27.364525Z",
"value": "ottlRules:\n - ruleName: test_log_pattern\n conditions:\n - workload == \"test-app\" or container_name == \"test-container\"\n statements:\n - set(cache, ExtractGrokPatterns(body, \"^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}\"))\n - merge_maps(attributes, cache, \"insert\")\n - set(attributes[\"parsed\"], true)\n statementsErrorMode: skip\n conditionLogicOperator: or"
}
🚨 CRITICAL WARNING: This endpoint COMPLETELY REPLACES the entire pipeline configuration and WILL DELETE ALL EXISTING RULES. Always backup your current configuration first by calling the GET endpoint.
Backup Current Configuration First
ALWAYS get your current configuration before making changes:
curl -L \
--url 'https://api.groundcover.com/api/pipelines/logs/config' \
--header 'Authorization: Bearer <YOUR_API_KEY>' \
--header 'Accept: */*' > pipeline-backup.json
Verify Configuration Update
After updating the configuration, verify the patterns were added:
curl -L \
--url 'https://api.groundcover.com/api/pipelines/logs/config' \
--header 'Authorization: Bearer <YOUR_API_KEY>' \
--header 'Accept: */*'
This should return your updated configuration including the new test patterns.
Related Documentation
For detailed information about configuring and writing OTTL transformations, see:
Last updated