Catalog API Object

Schema that defines the data to include in a catalog.

A catalog is a tabular collection of data that can be added to new events. Given a catalog, the Query Catalog action uses the lookup field (usually the source or hostname) to find a row that matches the event. It then maps the remaining fields to the event.

Note – A catalog object defines the keys (columns) in the table. Document objects define the values (rows) used to map data to matching events.

            {
                "name": "dbothwell-test",
                "description": "dbothwell-test",
                "schema": {
                    "fields": [
                        {
                            "name": "source",
                            "required": false,
                            "type": "STRING"
                        },
                        {
                            "name": "service",
                            "required": false,
                            "type": "STRING"
                        },
                        {
                            "name": "aws_region",
                            "required": false,
                            "type": "STRING"
                        },
                        {
                            "name": "manager",
                            "required": false,
                            "type": "STRING"
                        }
                    ]
                }
            }

name

string

User-defined name of the catalog. Must be unique. Most other catalog operations require this field.

description

string

User-defined description of the catalog.

schema

JSON list

The set of keys for each document in the catalog. If you think of a catalog as a table, these elements define the column headers. Each element of the fields list defines the following:

  • The key name

  • Whether the field is required in the catalog

  • The expected type of the value