Catalog Document API Object

Defines an individual row included in a catalog object.

A catalog is a tabular collection of data that can be added to new events. The catalog object defines the keys (columns) and includes a list of document objects (rows). Each document defines the data to add to a specific event. The document object includes an auto-generated ID and a list of field names and values.

Given a catalog, the Query Catalog action uses the lookup field (usually the source or hostname) to find a document that matches the event. It then maps the relevant fields in that document to the event.

This operation includes separate operations for catalogs and dictionaries. To access a catalog's documents, use a document operations such as GET document/ and provide the catalog name.

            {
                "_id": "60858fdb1a8cfe6608adab21",
                "key-1": " value-1",
                "key-2": " value-2",
                ...
                "key-n": " value-n"
            }