Update Logs Pipeline Configuration

Update the logs pipeline configuration.

Endpoint

POST /api/pipelines/logs/config

Authentication

This endpoint requires API Key authentication via the Authorization header.

Headers

Authorization: Bearer <YOUR_API_KEY>
Content-Type: application/json

Examples

Basic Request

Update logs pipeline configuration with test pattern:

curl -L \
  --request POST \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
    "ottlRules": [
      {
        "ruleName": "test_log_pattern",
        "conditions": [
          "workload == \"test-app\" or container_name == \"test-container\""
        ],
        "statements": [
          "set(cache, ExtractGrokPatterns(body, \"^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}\"))",
          "merge_maps(attributes, cache, \"insert\")",
          "set(attributes[\"parsed\"], true)"
        ],
        "statementsErrorMode": "skip",
        "conditionLogicOperator": "or"
      },
      {
        "ruleName": "json_parsing_test",
        "conditions": [
          "format == \"JSON\""
        ],
        "statements": [
          "set(parsed_json, ParseJSON(body))",
          "merge_maps(attributes, parsed_json, \"insert\")"
        ],
        "statementsErrorMode": "skip",
        "conditionLogicOperator": "and"
      }
    ]
  }'

Response Example

{
  "uuid": "59804867-6211-48ed-b34a-1fc33827aca6",
  "created_by": "itamar",
  "created_timestamp": "2025-08-31T13:33:27.364525Z",
  "value": "ottlRules:\n  - ruleName: test_log_pattern\n    conditions:\n      - workload == \"test-app\" or container_name == \"test-container\"\n    statements:\n      - set(cache, ExtractGrokPatterns(body, \"^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}\"))\n      - merge_maps(attributes, cache, \"insert\")\n      - set(attributes[\"parsed\"], true)\n    statementsErrorMode: skip\n    conditionLogicOperator: or"
}

🚨 CRITICAL WARNING: This endpoint COMPLETELY REPLACES the entire pipeline configuration and WILL DELETE ALL EXISTING RULES. Always backup your current configuration first by calling the GET endpoint.

Backup Current Configuration First

ALWAYS get your current configuration before making changes:

curl -L \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Accept: */*' > pipeline-backup.json

Verify Configuration Update

After updating the configuration, verify the patterns were added:

curl -L \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Accept: */*'

This should return your updated configuration including the new test patterns.

For detailed information about configuring and writing OTTL transformations, see:

Last updated