# Update Logs Pipeline Configuration

### Endpoint

**POST** `/api/pipelines/logs/config`

### Authentication

This endpoint requires API Key authentication via the Authorization header.

### Headers

```bash
Authorization: Bearer <YOUR_API_KEY>
Content-Type: application/json
```

### Examples

#### Basic Request

Update logs pipeline configuration with test pattern:

```bash
curl -L \
  --request POST \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Content-Type: application/json' \
  --data '{
    "ottlRules": [
      {
        "ruleName": "test_log_pattern",
        "conditions": [
          "workload == \"test-app\" or container_name == \"test-container\""
        ],
        "statements": [
          "set(cache, ExtractGrokPatterns(body, \"^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}\"))",
          "merge_maps(attributes, cache, \"insert\")",
          "set(attributes[\"parsed\"], true)"
        ],
        "statementsErrorMode": "skip",
        "conditionLogicOperator": "or"
      },
      {
        "ruleName": "json_parsing_test",
        "conditions": [
          "format == \"JSON\""
        ],
        "statements": [
          "set(parsed_json, ParseJSON(body))",
          "merge_maps(attributes, parsed_json, \"insert\")"
        ],
        "statementsErrorMode": "skip",
        "conditionLogicOperator": "and"
      }
    ]
  }'
```

#### Response Example

```json
{
  "uuid": "59804867-6211-48ed-b34a-1fc33827aca6",
  "created_by": "itamar",
  "created_timestamp": "2025-08-31T13:33:27.364525Z",
  "value": "ottlRules:\n  - ruleName: test_log_pattern\n    conditions:\n      - workload == \"test-app\" or container_name == \"test-container\"\n    statements:\n      - set(cache, ExtractGrokPatterns(body, \"^%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{GREEDYDATA:message}\"))\n      - merge_maps(attributes, cache, \"insert\")\n      - set(attributes[\"parsed\"], true)\n    statementsErrorMode: skip\n    conditionLogicOperator: or"
}
```

🚨 **CRITICAL WARNING**: This endpoint **COMPLETELY REPLACES** the entire pipeline configuration and **WILL DELETE ALL EXISTING RULES**. Always backup your current configuration first by calling the GET endpoint.

#### Backup Current Configuration First

**ALWAYS** get your current configuration before making changes:

```bash
curl -L \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Accept: */*' > pipeline-backup.json
```

#### Verify Configuration Update

After updating the configuration, verify the patterns were added:

```bash
curl -L \
  --url 'https://api.groundcover.com/api/pipelines/logs/config' \
  --header 'Authorization: Bearer <YOUR_API_KEY>' \
  --header 'Accept: */*'
```

This should return your updated configuration including the new test patterns.

### Related Documentation

For detailed information about configuring and writing OTTL transformations, see:

* [Log Parsing with OpenTelemetry Pipelines](https://docs.groundcover.com/log-parsing-with-opentelemetry-pipelines)