SumoLogic-Labs / sumo-powershell-sdk

New-Source Filters PSObject

StarkCaptain opened this issue

Can you provide an example on how to properly define the psobject for properties with an array of values such as the filters property? I was trying something like below, however I have not been able to get this to work.

filters = [pscustomobject]@{
              filterType = 'Mask'
              name = 'mask_dns_parens'
              regexp = '(\(\d+\))'
              mask = '.'
} 

I think your way is just working, but filters is an array, not a single item (I tested the following in PowerShell Core 6.0.2 on Mac):

  • Create a host collector and a http source (basically just for easier than create from scratch)
  • Get original source
PS /Users/byi> $src = (Get-Collector 144474306 | Get-Source)[0]
PS /Users/byi> $src
id                         : 604171932
name                       : original
automaticDateParsing       : True
multilineProcessingEnabled : True
useAutolineMatching        : True
forceTimeZone              : False
filters                    : {}
cutoffTimestamp            : 0
encoding                   : UTF-8
messagePerRequest          : False
url                        : https://collectors.sumologic.com/receiver/v1/http/***==
sourceType                 : HTTP
alive                      : True
collectorId                : 144474306
  • Create filter
PS /Users/byi> $filter=[pscustomobject]@{
>>               filterType = 'Mask'
>>               name = 'mask_dns_parens'
>>               regexp = '(\(\d+\))'
>>               mask = '.'
>> }
  • Add filter to filters and give a new name
PS /Users/byi> $src.filters += $filter
PS /Users/byi> $src.name = "modified"
  • Create new source to collector
PS /Users/byi> New-Source -CollectorId 144474306 -Source $src
id                         : 604176258                                                               
name                       : modified                                                               
automaticDateParsing       : True
multilineProcessingEnabled : True
useAutolineMatching        : True
forceTimeZone              : False
filters                    : {@{filterType=Mask; name=mask_dns_parens; regexp=(\(\d+\)); mask=.}}
cutoffTimestamp            : 0
encoding                   : UTF-8
messagePerRequest          : False
url                        : https://collectors.sumologic.com/receiver/v1/http/****==
sourceType                 : HTTP
alive                      : True
collectorId                : 144474306

Let me know if it works on your side or not. Thanks!

I am trying to define an entire source like below and not having any luck. The filters get really funky... when looking at the converted JSON. Your example above works, but I don't want to grab the source from another collector, I want to define the entire object.

$DNSSource = @{
        name                       = 'dns'
        category                   = 'dns/ad'
        automaticDateParsing       = 'True'
        multilineProcessingEnabled = 'True'
        useAutolineMatching        = 'True'
        forceTimeZone              = 'False'
        timeZone                   = 'Etc/UTC'
        filters                    = @(
                                        {
                                            filterType = 'Mask'; 
                                            name = 'mask_dns_parens';
                                            regexp = '(\(\d+\))';
                                            mask = '.'
                                        }
                                      )
        cutoffTimestamp            = 0
        encoding                   = 'UTF-8'
        pathExpression             = 'C:\Windows\Logs\DNS\DNS*.log'
        blacklist                  = $null
        sourceType                 = 'LocalFile'
    }

OK. Let me try it. I guess it's because there are some tricks when using ConvertTo-Json.

Tested; it works the following way. The point (maybe) is the @ before { filterType = ...

$obj = New-Object -TypeName psobject -Property @{
  "sourceType"                 = "LocalFile"
  "name"                       = "dns"
  "category"                   = "dns/ad"
  "hostName"                   = "dev-host-1"
  "automaticDateParsing"       = $true
  "multilineProcessingEnabled" = $true
  "useAutolineMatching"        = $true
  "forceTimeZone"              = $false
  "filters"                    = @(@{
      "filterType" = "Mask"
      "name"       = "mask_dns_parens"
      "regexp"     = '(\(\d+\))'
      "mask"       = "."
  })
  "cutoffTimestamp"            = 0
  "encoding"                   = "UTF-8"
  "pathExpression"             = "C:\\Windows\\Logs\\DNS\\DNS*.log"
}

New-Source -CollectorId $c.id -Source $obj

That works, thank you very much.
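
An added example, not part of the thread or of the SDK: an offline pre-flight check that catches the script-block mistake from the question and previews what the Mask rule would redact before the source is passed to New-Source. The helper names Test-SourceFilter and Get-MaskPreview are hypothetical. Assumptions: a Mask rule needs the four keys used in the thread, the collector replaces the first capture group with the mask string, and the preview uses the .NET regex engine, which may differ from the collector's.

```powershell
# Added example, not code from the thread. Runs offline; nothing is sent to Sumo Logic.

function Test-SourceFilter {
    # Returns 'ok' or the reason a filter entry will not serialize to a usable rule.
    param($Filter)
    if ($Filter -is [scriptblock]) { return 'script block, not an object: write @{ ... }' }
    if ($Filter -is [System.Collections.IDictionary]) { $keys = @($Filter.Keys) }
    else { $keys = @($Filter.PSObject.Properties.Name) }
    # Assumption: a Mask rule needs the four keys used in the thread.
    $missing = 'filterType', 'name', 'regexp', 'mask' | Where-Object { $_ -notin $keys }
    if ($missing) { return "missing: $($missing -join ', ')" }
    try { [void][regex]::new($Filter.regexp) } catch { return 'regexp does not compile' }
    'ok'
}

function Get-MaskPreview {
    # Assumption: the collector replaces capture group 1 with the mask string.
    param([string]$Line, $Filter)
    $out = $Line
    $found = [regex]::Matches($Line, $Filter.regexp)
    # Walk matches right to left so earlier indexes stay valid while replacing.
    for ($i = $found.Count - 1; $i -ge 0; $i--) {
        $g = $found[$i].Groups[1]
        if ($g.Success) { $out = $out.Remove($g.Index, $g.Length).Insert($g.Index, $Filter.mask) }
    }
    $out
}

$mask = @{ filterType = 'Mask'; name = 'mask_dns_parens'; regexp = '(\(\d+\))'; mask = '.' }

# Bare { } inside @() is a script block (the question's form); @{ } is a hashtable.
$broken = @{ name = 'dns'; sourceType = 'LocalFile'; filters = @( { filterType = 'Mask' } ) }
$fixed  = @{ name = 'dns'; sourceType = 'LocalFile'; filters = @( $mask ) }

foreach ($src in $broken, $fixed) {
    foreach ($f in $src.filters) { Test-SourceFilter $f }
}

# Inspect the JSON the corrected definition produces; -Depth is explicit so that
# nested filter objects are not flattened to strings if more levels are added.
$fixed | ConvertTo-Json -Depth 4

# Constructed DNS debug log line, used only to preview the redaction.
$line = '3/20/2018 10:15:02 AM 0A2C PACKET UDP Rcv 10.0.0.5 Q [0001 D NOERROR] A (3)www(7)example(3)com(0)'
Get-MaskPreview -Line $line -Filter $mask
```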