Schema that defines the data to include in a catalog.
A catalog is a tabular collection of data that can be added to new events. Given a catalog, the Query Catalog action uses the lookup field (usually the source or hostname) to find a row that matches the event. It then maps the remaining fields to the event.
Note – A catalog object defines the keys (columns) in the table. Document objects define the values (rows) used to map data to matching events.
{
  "name": "dbothwell-test",
  "description": "dbothwell-test",
  "schema": {
    "fields": [
      {
        "name": "source",
        "required": false,
        "type": "STRING"
      },
      {
        "name": "service",
        "required": false,
        "type": "STRING"
      },
      {
        "name": "aws_region",
        "required": false,
        "type": "STRING"
      },
      {
        "name": "manager",
        "required": false,
        "type": "STRING"
      }
    ]
  }
}
name (string): User-defined name of the catalog. Must be unique. Most other catalog operations require this field.
description (string): User-defined description of the catalog.
schema (JSON list): The set of keys for each document in the catalog. If you think of a catalog as a table, these elements define the column headers. Each element defines the following:
- The key name
- Whether the field is required in the catalog
- The expected type of the value
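The lookup-and-map behavior described above, together with schema checking of documents, can be sketched as follows. This is an added example, not the product's own code: the function names, the sample documents, the rule that non-conforming rows are skipped, and the rule that values already on the event take precedence are all assumptions made for illustration.

```python
# Added illustration: names and matching behaviour are assumptions, not the product's API.
CATALOG = {
    "name": "dbothwell-test",
    "description": "dbothwell-test",
    "schema": {"fields": [
        {"name": "source", "required": False, "type": "STRING"},
        {"name": "service", "required": False, "type": "STRING"},
        {"name": "aws_region", "required": False, "type": "STRING"},
        {"name": "manager", "required": False, "type": "STRING"},
    ]},
}

# Constructed sample documents (rows); not real data.
DOCUMENTS = [
    {"source": "web-01", "service": "checkout", "aws_region": "us-east-1", "manager": "alice"},
    {"source": "db-01", "service": "orders", "aws_region": "eu-west-1", "manager": "bob"},
]

TYPE_CHECKS = {"STRING": lambda v: isinstance(v, str)}  # only type shown on the page


def validate_document(catalog, doc):
    """Return a list of problems found when checking one row against the schema."""
    fields = {f["name"]: f for f in catalog["schema"]["fields"]}
    problems = [f"unknown key: {k}" for k in doc if k not in fields]
    for name, spec in fields.items():
        if name not in doc:
            if spec["required"]:
                problems.append(f"missing required key: {name}")
        elif not TYPE_CHECKS.get(spec["type"], lambda v: False)(doc[name]):
            problems.append(f"{name}: expected {spec['type']}")
    return problems


def query_catalog(catalog, documents, event, lookup_field="source"):
    """Enrich a copy of the event from the first valid row matching lookup_field."""
    if lookup_field not in event:
        return dict(event)
    for doc in documents:
        if validate_document(catalog, doc):
            continue  # skip rows that do not conform to the schema
        if doc.get(lookup_field) == event[lookup_field]:
            extra = {k: v for k, v in doc.items() if k != lookup_field}
            return {**extra, **event}  # assumption: existing event values win
    return dict(event)  # no match: event is unchanged
```

Rejecting rows with unknown keys or wrong types before matching keeps a malformed document from adding unexpected fields to events.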